@devtrack-solution/codesdd 1.2.2 → 1.2.4-rc3

package/dist/core/sdd/services/mcp-runtime.service.js

@@ -1,37 +1,86 @@
 import { nowIso } from '../state.js';
 import { ContextService } from './context.service.js';
-import { FinalizeService } from './finalize.service.js';
 import { NextService } from './next.service.js';
+import { GovernanceControlPlaneService } from './governance-control-plane.service.js';
+import { SkillsInvokeService } from './skills-invoke.service.js';
+import { SddCheckCommand } from '../check.js';
+import { SddDiagnoseCommand } from '../diagnose.js';
+import { inspectPluginManifestFromFile, planPluginInvocationFromFile, } from '../plugin-cli.js';
+import { parse as parseYaml } from 'yaml';
+import { promises as fs } from 'node:fs';
+import path from 'node:path';
+export const MCP_RUNTIME_STATE_BOUNDARY = {
+    id: 'codesdd-canonical-sdd-state',
+    canonical_state_root: '.sdd/state',
+    canonical_state_glob: '.sdd/state/*.yaml',
+    canonical_workspace_roots: ['.sdd/planned', '.sdd/active', '.sdd/archived'],
+    adapter_boundary: 'SddStores',
+    runtime_persistence: 'delegated-to-codesdd-services',
+    hidden_state_allowed: false,
+    external_state_allowed: false,
+};
 const PROVIDER_PROFILES = {
     codex: {
         label: 'Codex',
-        session_contract: 'Use JSON tool payloads and preserve FEAT state transitions through next/context/finalize without hidden side channels.',
+        session_contract: 'Use JSON tool payloads and preserve FEAT lifecycle/structural reads through canonical CodeSDD state without hidden side channels.',
     },
     'claude-code': {
         label: 'Claude Code',
-        session_contract: 'Use JSON tool payloads and treat OpenSDD as the canonical execution ledger for plan, context, and closure.',
+        session_contract: 'Use JSON tool payloads and treat CodeSDD as the canonical execution ledger for plan, context, and closure.',
+    },
+    deepagents: {
+        label: 'DeepAgents',
+        session_contract: 'Use governed agent envelopes over canonical CodeSDD state and workspace artifacts, preserving existing providers without replacement.',
     },
     'kimmy-code': {
         label: 'Kimmy Code',
-        session_contract: 'Use the same stateless JSON envelopes and feed all execution evidence back into OpenSDD workspaces.',
+        session_contract: 'Use the same stateless JSON envelopes and feed all execution evidence back into CodeSDD workspaces.',
     },
     'kilo-code': {
         label: 'Kilo Code',
-        session_contract: 'Use OpenSDD tool envelopes as the source of truth for ready work, scoped context, and feature finalization.',
+        session_contract: 'Use CodeSDD tool envelopes as the source of truth for lifecycle context, structural query, and workspace reads.',
     },
     'open-code': {
         label: 'Open Code',
-        session_contract: 'Use stateless OpenSDD tool calls and return evidence through workspace artifacts before finalize.',
+        session_contract: 'Use stateless CodeSDD tool calls for read-only lifecycle, structural query, and workspace evidence retrieval.',
     },
     generic: {
         label: 'Generic MCP Client',
-        session_contract: 'Use the provider-agnostic JSON envelope and treat OpenSDD workspace/state files as the only canonical state system.',
+        session_contract: 'Use the provider-agnostic JSON envelope and treat CodeSDD workspace/state files as the only canonical state system.',
     },
 };
-const TOOL_DEFINITIONS = [
+const MCP_RUNTIME_PLANNED_TOOLS = [
     {
-        name: 'opensdd.next',
-        title: 'OpenSDD Next',
+        name: 'codesdd.agent.run',
+        status: 'planned',
+        title: 'CodeSDD Agent Run',
+        description: 'Planned governed run execution envelope for DeepAgents-compatible providers.',
+    },
+    {
+        name: 'codesdd.agent.plan',
+        status: 'planned',
+        title: 'CodeSDD Agent Plan',
+        description: 'Planned agent planning envelope for FEAT decomposition, sequencing, and execution constraints.',
+    },
+    {
+        name: 'codesdd.agent.evidence',
+        status: 'planned',
+        title: 'CodeSDD Agent Evidence',
+        description: 'Planned structured evidence envelope linked to canonical CodeSDD FEAT workspaces.',
+    },
+    {
+        name: 'codesdd.agent.status',
+        status: 'planned',
+        title: 'CodeSDD Agent Status',
+        description: 'Planned status envelope for agent lifecycle telemetry and rollout readiness.',
+    },
+];
+export const MCP_RUNTIME_TOOL_REGISTRY = [
+    {
+        id: 'runtime-tool:codesdd.next',
+        canonical_name: 'codesdd.next',
+        operation: 'next',
+        title: 'CodeSDD Next',
         description: 'Return the next ready FEATs, blocked work, conflicts, and execution waves.',
         input_schema: {
             type: 'object',
@@ -42,10 +91,29 @@ const TOOL_DEFINITIONS = [
                 maxAgents: { type: 'integer', minimum: 1 },
             },
         },
+        output_schema: {
+            type: 'object',
+            additionalProperties: true,
+        },
+        compatibility_aliases: [],
+        governance: {
+            gate: 'read-only',
+            risk_tier: 'low',
+            evidence_behavior: 'Record selected execution wave and decisions in 5-quality.yaml when tool output drives implementation work.',
+            hitl_rule: 'No HITL required for read-only ranking output.',
+        },
+        implementation: {
+            service: 'NextService',
+            state_access: 'read',
+            reads: ['.sdd/state/*.yaml', '.sdd/{planned,active,archived}/**/*.yaml'],
+            writes: [],
+        },
     },
     {
-        name: 'opensdd.context',
-        title: 'OpenSDD Context',
+        id: 'runtime-tool:codesdd.context',
+        canonical_name: 'codesdd.context',
+        operation: 'context',
+        title: 'CodeSDD Context',
         description: 'Return the scoped execution context for a FEAT, EPIC, FGAP, or TD reference.',
         input_schema: {
             type: 'object',
@@ -55,23 +123,492 @@ const TOOL_DEFINITIONS = [
                 ref: { type: 'string' },
             },
         },
+        output_schema: {
+            type: 'object',
+            additionalProperties: true,
+        },
+        compatibility_aliases: [],
+        governance: {
+            gate: 'read-only',
+            risk_tier: 'low',
+            evidence_behavior: 'Record the consumed context reference in changelog or quality evidence when used for FEAT execution.',
+            hitl_rule: 'No HITL required for context reads.',
+        },
+        implementation: {
+            service: 'ContextService',
+            state_access: 'read',
+            reads: ['.sdd/state/*.yaml', '.sdd/{planned,active,archived}/**/*.yaml'],
+            writes: [],
+        },
     },
     {
-        name: 'opensdd.finalize',
-        title: 'OpenSDD Finalize',
-        description: 'Finalize a FEAT or all ready queue entries after quality and workflow guardrails pass.',
+        id: 'runtime-tool:codesdd.query',
+        canonical_name: 'codesdd.query',
+        operation: 'query',
+        title: 'CodeSDD Structural Query',
+        description: 'Query canonical CodeSDD structure by identifier dependencies or full-text terms over backlog/discovery state.',
         input_schema: {
             type: 'object',
             additionalProperties: false,
             properties: {
                 ref: { type: 'string' },
-                allReady: { type: 'boolean' },
-                forceFrontend: { type: 'boolean' },
+                query: { type: 'string' },
+                scope: { type: 'string', enum: ['backlog', 'discovery', 'all'] },
+                limit: { type: 'integer', minimum: 1 },
+            },
+        },
+        output_schema: {
+            type: 'object',
+            additionalProperties: true,
+        },
+        compatibility_aliases: [],
+        governance: {
+            gate: 'read-only',
+            risk_tier: 'low',
+            evidence_behavior: 'Capture query criteria and result summary when it influences scope or dependency decisions.',
+            hitl_rule: 'No HITL required for structural queries.',
+        },
+        implementation: {
+            service: 'StructuralQueryService',
+            state_access: 'read',
+            reads: ['.sdd/state/*.yaml', '.sdd/{planned,active,archived}/**/*.yaml'],
+            writes: [],
+        },
+    },
+    {
+        id: 'runtime-tool:codesdd.read',
+        canonical_name: 'codesdd.read',
+        operation: 'read',
+        title: 'CodeSDD Workspace Read',
+        description: 'Read canonical FEAT workspace docs (spec/plan/tasks/changelog/quality) from active, planned, or archived state.',
+        input_schema: {
+            type: 'object',
+            additionalProperties: false,
+            required: ['ref'],
+            properties: {
+                ref: { type: 'string' },
+                doc: {
+                    type: 'string',
+                    enum: ['spec', 'plan', 'tasks', 'changelog', 'quality', 'all'],
+                },
+            },
+        },
+        output_schema: {
+            type: 'object',
+            additionalProperties: true,
+        },
+        compatibility_aliases: [],
+        governance: {
+            gate: 'read-only',
+            risk_tier: 'low',
+            evidence_behavior: 'Use returned workspace docs as canonical evidence; do not replace file-based traceability with transient logs.',
+            hitl_rule: 'No HITL required for workspace reads.',
+        },
+        implementation: {
+            service: 'WorkspaceReadService',
+            state_access: 'read',
+            reads: ['.sdd/{planned,active,archived}/**/*.yaml'],
+            writes: [],
+        },
+    },
+    {
+        id: 'runtime-tool:codesdd.start',
+        canonical_name: 'codesdd.start',
+        operation: 'start',
+        title: 'CodeSDD Start Intent',
+        description: 'Plan a gated start intent for FEAT execution without mutating canonical state directly through MCP.',
+        input_schema: {
+            type: 'object',
+            additionalProperties: false,
+            required: ['refOrText'],
+            properties: {
+                refOrText: { type: 'string' },
+                scale: { type: 'string', enum: ['QUICK', 'STANDARD', 'LARGE'] },
+                schema: { type: 'string' },
+                flowMode: { type: 'string', enum: ['direct', 'standard', 'rigorous'] },
+                force: { type: 'boolean' },
                 forceTransition: { type: 'boolean' },
             },
         },
+        output_schema: {
+            type: 'object',
+            additionalProperties: true,
+        },
+        compatibility_aliases: [],
+        governance: {
+            gate: 'intent-only',
+            risk_tier: 'high',
+            evidence_behavior: 'Intent payload must be recorded before execution; execution evidence must be appended to 5-quality.yaml after running the CLI command.',
+            hitl_rule: 'Human approval required before executing the generated start intent command.',
+        },
+        implementation: {
+            service: 'StartService',
+            state_access: 'read-write',
+            reads: ['.sdd/state/*.yaml', '.sdd/{planned,active,archived}/**/*.yaml'],
+            writes: ['.sdd/state/*.yaml', '.sdd/active/**', '.sdd/planned/**'],
+        },
+    },
+    {
+        id: 'runtime-tool:codesdd.plugin.inspect',
+        canonical_name: 'codesdd.plugin.inspect',
+        operation: 'plugin-inspect',
+        title: 'CodeSDD Plugin Inspect',
+        description: 'Inspect plugin manifests with policy and capability metadata without executing plugins.',
+        input_schema: {
+            type: 'object',
+            additionalProperties: false,
+            required: ['manifestPath'],
+            properties: {
+                manifestPath: { type: 'string' },
+            },
+        },
+        output_schema: {
+            type: 'object',
+            additionalProperties: true,
+        },
+        compatibility_aliases: [],
+        governance: {
+            gate: 'read-only',
+            risk_tier: 'medium',
+            evidence_behavior: 'Include inspected plugin ref/version in quality evidence when plugin governance influences FEAT decisions.',
+            hitl_rule: 'No HITL required for manifest inspection.',
+        },
+        implementation: {
+            service: 'PluginCliService',
+            state_access: 'read',
+            reads: ['**/codesdd-plugin.yaml', '.sdd/**'],
+            writes: [],
+        },
+    },
+    {
+        id: 'runtime-tool:codesdd.plugin.plan',
+        canonical_name: 'codesdd.plugin.plan',
+        operation: 'plugin-plan',
+        title: 'CodeSDD Plugin Plan',
+        description: 'Build a plugin runtime invocation plan in dry-run mode with policy evaluation.',
+        input_schema: {
+            type: 'object',
+            additionalProperties: false,
+            required: ['manifestPath', 'featureRef', 'capability'],
+            properties: {
+                manifestPath: { type: 'string' },
+                featureRef: { type: 'string' },
+                capability: { type: 'string' },
+                skillRef: { type: 'string' },
+                inputs: { type: 'object' },
+                writeScope: { type: 'array', items: { type: 'string' } },
+                approvalGrants: { type: 'array', items: { type: 'string' } },
+                plannedWrites: { type: 'array', items: { type: 'string' } },
+                requestedEnv: { type: 'array', items: { type: 'string' } },
+                networkDomains: { type: 'array', items: { type: 'string' } },
+                processSpawnRequested: { type: 'boolean' },
+            },
+        },
+        output_schema: {
+            type: 'object',
+            additionalProperties: true,
+        },
+        compatibility_aliases: [],
+        governance: {
+            gate: 'read-only',
+            risk_tier: 'medium',
+            evidence_behavior: 'Persist planned policy decisions and reasons in quality evidence before promoting to apply modes.',
+            hitl_rule: 'No HITL required for dry-run planning output.',
+        },
+        implementation: {
+            service: 'PluginCliService',
+            state_access: 'read',
+            reads: ['**/codesdd-plugin.yaml', '.sdd/**'],
+            writes: [],
+        },
+    },
+    {
+        id: 'runtime-tool:codesdd.plugin.apply_sandbox',
+        canonical_name: 'codesdd.plugin.apply_sandbox',
+        operation: 'plugin-apply-sandbox',
+        title: 'CodeSDD Plugin Apply Sandbox Intent',
+        description: 'Generate a sandbox apply plan that remains gated for human approval before execution.',
+        input_schema: {
+            type: 'object',
+            additionalProperties: false,
+            required: ['manifestPath', 'featureRef', 'capability'],
+            properties: {
+                manifestPath: { type: 'string' },
+                featureRef: { type: 'string' },
+                capability: { type: 'string' },
+                skillRef: { type: 'string' },
+                inputs: { type: 'object' },
+                writeScope: { type: 'array', items: { type: 'string' } },
+                approvalGrants: { type: 'array', items: { type: 'string' } },
+                plannedWrites: { type: 'array', items: { type: 'string' } },
+                requestedEnv: { type: 'array', items: { type: 'string' } },
+                networkDomains: { type: 'array', items: { type: 'string' } },
+                processSpawnRequested: { type: 'boolean' },
+            },
+        },
+        output_schema: {
+            type: 'object',
+            additionalProperties: true,
+        },
+        compatibility_aliases: [],
+        governance: {
+            gate: 'intent-only',
+            risk_tier: 'critical',
+            evidence_behavior: 'Apply-sandbox plan and policy decision must be logged before approval; post-execution evidence must include artifacts and compensating controls.',
+            hitl_rule: 'Human approval required for apply_sandbox due to write scope and policy risk.',
+        },
+        implementation: {
+            service: 'PluginCliService',
+            state_access: 'read-write',
+            reads: ['**/codesdd-plugin.yaml', '.sdd/**'],
+            writes: ['sandbox/**'],
+        },
+    },
+    {
+        id: 'runtime-tool:codesdd.quality.evidence',
+        canonical_name: 'codesdd.quality.evidence',
+        operation: 'quality-evidence',
+        title: 'CodeSDD Quality Evidence Read',
+        description: 'Read quality evidence, acceptance matrix, and skill evidence from FEAT workspace quality docs.',
+        input_schema: {
+            type: 'object',
+            additionalProperties: false,
+            required: ['ref'],
+            properties: {
+                ref: { type: 'string' },
+            },
+        },
+        output_schema: {
+            type: 'object',
+            additionalProperties: true,
+        },
+        compatibility_aliases: [],
+        governance: {
+            gate: 'read-only',
+            risk_tier: 'medium',
+            evidence_behavior: 'Use output to validate coverage targets and remediation status before finalize.',
+            hitl_rule: 'No HITL required for evidence reads.',
+        },
+        implementation: {
+            service: 'QualityEvidenceService',
+            state_access: 'read',
+            reads: ['.sdd/{planned,active,archived}/**/5-quality.yaml'],
+            writes: [],
+        },
+    },
+    {
+        id: 'runtime-tool:codesdd.adr',
+        canonical_name: 'codesdd.adr',
+        operation: 'adr',
+        title: 'CodeSDD ADR Read',
+        description: 'List ADR documents and optional FEAT-ref matches from canonical ADR folders.',
+        input_schema: {
+            type: 'object',
+            additionalProperties: false,
+            properties: {
+                ref: { type: 'string' },
+            },
+        },
+        output_schema: {
+            type: 'object',
+            additionalProperties: true,
+        },
+        compatibility_aliases: [],
+        governance: {
+            gate: 'read-only',
+            risk_tier: 'low',
+            evidence_behavior: 'Reference ADR IDs in quality traceability when architectural decisions constrain implementation.',
+            hitl_rule: 'No HITL required for ADR indexing.',
+        },
+        implementation: {
+            service: 'AdrIndexService',
+            state_access: 'read',
+            reads: ['.sdd/core/adrs/*.md'],
+            writes: [],
+        },
+    },
+    {
+        id: 'runtime-tool:codesdd.check',
+        canonical_name: 'codesdd.check',
+        operation: 'check',
+        title: 'CodeSDD Check',
+        description: 'Run structured CodeSDD check report in read-only mode (render disabled).',
+        input_schema: {
+            type: 'object',
+            additionalProperties: false,
+            properties: {
+                strict: { type: 'boolean' },
+            },
+        },
+        output_schema: {
+            type: 'object',
+            additionalProperties: true,
+        },
+        compatibility_aliases: [],
+        governance: {
+            gate: 'read-only',
+            risk_tier: 'medium',
+            evidence_behavior: 'Attach check summary and blocking errors to 5-quality.yaml evidence_log before finalize.',
+            hitl_rule: 'No HITL required to run check in non-render mode.',
+        },
+        implementation: {
+            service: 'SddCheckCommand',
+            state_access: 'read',
+            reads: ['.sdd/**'],
+            writes: [],
+        },
+    },
+    {
+        id: 'runtime-tool:codesdd.diagnose',
+        canonical_name: 'codesdd.diagnose',
+        operation: 'diagnose',
+        title: 'CodeSDD Diagnose',
+        description: 'Run structural diagnostics without writing external report files.',
+        input_schema: {
+            type: 'object',
+            additionalProperties: false,
+            properties: {
+                strict: { type: 'boolean' },
+            },
+        },
+        output_schema: {
+            type: 'object',
+            additionalProperties: true,
+        },
+        compatibility_aliases: [],
+        governance: {
+            gate: 'read-only',
+            risk_tier: 'medium',
+            evidence_behavior: 'Include diagnose health and finding counts in quality evidence before finalize.',
+            hitl_rule: 'No HITL required for diagnostics reads.',
+        },
+        implementation: {
+            service: 'SddDiagnoseCommand',
+            state_access: 'read',
+            reads: ['.sdd/**'],
+            writes: [],
+        },
+    },
+    {
+        id: 'runtime-tool:codesdd.finalize_intent',
+        canonical_name: 'codesdd.finalize_intent',
+        operation: 'finalize-intent',
+        title: 'CodeSDD Finalize Intent',
+        description: 'Create a gated finalize intent command without mutating state from MCP directly.',
+        input_schema: {
+            type: 'object',
+            additionalProperties: false,
+            required: ['featureId'],
+            properties: {
+                featureId: { type: 'string' },
+            },
+        },
+        output_schema: {
+            type: 'object',
+            additionalProperties: true,
+        },
+        compatibility_aliases: [],
+        governance: {
+            gate: 'intent-only',
+            risk_tier: 'critical',
+            evidence_behavior: 'Finalize intent requires quality evidence coverage, frontend declaration, and post-finalize check/diagnose evidence before closure.',
+            hitl_rule: 'Human approval required before executing finalize intent command.',
+        },
+        implementation: {
+            service: 'GovernanceControlPlaneService',
+            state_access: 'read-write',
+            reads: ['.sdd/state/*.yaml', '.sdd/active/**'],
+            writes: ['.sdd/state/*.yaml', '.sdd/archived/**'],
+        },
+    },
+    {
+        id: 'runtime-tool:codesdd.frontend_impact',
+        canonical_name: 'codesdd.frontend_impact',
+        operation: 'frontend-impact',
+        title: 'CodeSDD Frontend Impact Intent',
+        description: 'Create a gated frontend-impact intent command with routes and surfaces metadata.',
+        input_schema: {
+            type: 'object',
+            additionalProperties: false,
+            required: ['featureId', 'status'],
+            properties: {
+                featureId: { type: 'string' },
+                status: { type: 'string', enum: ['unknown', 'none', 'required'] },
+                reason: { type: 'string' },
+                routes: {
+                    oneOf: [{ type: 'string' }, { type: 'array', items: { type: 'string' } }],
+                },
+                surfaces: {
+                    oneOf: [{ type: 'string' }, { type: 'array', items: { type: 'string' } }],
+                },
+            },
+        },
+        output_schema: {
+            type: 'object',
+            additionalProperties: true,
+        },
+        compatibility_aliases: [],
+        governance: {
+            gate: 'intent-only',
+            risk_tier: 'high',
+            evidence_behavior: 'Record frontend-impact declaration and rationale in quality evidence before finalize.',
+            hitl_rule: 'Human approval required before executing frontend-impact intent command.',
+        },
+        implementation: {
+            service: 'GovernanceControlPlaneService',
+            state_access: 'read-write',
+            reads: ['.sdd/state/*.yaml'],
+            writes: ['.sdd/state/backlog.yaml', '.sdd/state/frontend-map.yaml'],
+        },
+    },
+    {
+        id: 'runtime-tool:codesdd.skill_prompt',
+        canonical_name: 'codesdd.skill_prompt',
+        operation: 'skill-prompt',
+        title: 'CodeSDD Skill Prompt',
+        description: 'Select skills and generate invocation prompt payload aligned with CodeSDD catalog and context.',
+        input_schema: {
+            type: 'object',
+            additionalProperties: false,
+            properties: {
+                ids: { type: 'array', items: { type: 'string' } },
+                phase: { type: 'string' },
+                domains: { type: 'array', items: { type: 'string' } },
+                bundles: { type: 'array', items: { type: 'string' } },
+                max: { type: 'integer', minimum: 1 },
+                objective: { type: 'string' },
+                ref: { type: 'string' },
+            },
+        },
+        output_schema: {
+            type: 'object',
+            additionalProperties: true,
+        },
+        compatibility_aliases: [],
+        governance: {
+            gate: 'read-only',
+            risk_tier: 'medium',
+            evidence_behavior: 'Record selected skills in skill_evidence when prompt output is used for feature implementation.',
+            hitl_rule: 'No HITL required for prompt generation.',
+        },
+        implementation: {
+            service: 'SkillsInvokeService',
+            state_access: 'read',
+            reads: ['.sdd/state/skill-catalog.yaml', '.sdd/skills/**', '.sdd/active/**'],
+            writes: [],
+        },
     },
 ];
+export const MCP_RUNTIME_SUPPORTED_TOOLS = MCP_RUNTIME_TOOL_REGISTRY.flatMap((entry) => [
+    entry.canonical_name,
+    ...entry.compatibility_aliases,
+]);
+const LEGACY_TOOL_ALIASES = MCP_RUNTIME_TOOL_REGISTRY.reduce((aliases, entry) => {
+    for (const alias of entry.compatibility_aliases) {
+        aliases[alias] = entry.canonical_name;
+    }
+    return aliases;
+}, {});
 function resolveProvider(provider) {
     if (!provider)
         return 'generic';
@@ -79,6 +616,72 @@ function resolveProvider(provider) {
         return provider;
     throw new Error(`Unknown MCP provider "${provider}". Use one of: ${Object.keys(PROVIDER_PROFILES).join(', ')}`);
 }
+function runtimeRegistryManifest() {
+    return {
+        name: 'codesdd-runtime-tool-registry',
+        version: 1,
+        canonical_namespace: 'codesdd',
+        compatibility_namespaces: [],
+        state_boundary_ref: MCP_RUNTIME_STATE_BOUNDARY.id,
+        entries: MCP_RUNTIME_TOOL_REGISTRY.map((entry) => ({
+            id: entry.id,
+            canonical_name: entry.canonical_name,
+            operation: entry.operation,
+            governance: {
+                gate: entry.governance.gate,
+                risk_tier: entry.governance.risk_tier,
+                evidence_behavior: entry.governance.evidence_behavior,
+                hitl_rule: entry.governance.hitl_rule,
+            },
+            compatibility_aliases: [...entry.compatibility_aliases],
+            implementation: {
+                service: entry.implementation.service,
+                state_access: entry.implementation.state_access,
+                reads: [...entry.implementation.reads],
+                writes: [...entry.implementation.writes],
+            },
+        })),
+    };
+}
+function toolDefinitions() {
+    return MCP_RUNTIME_TOOL_REGISTRY.map((entry) => ({
+        registry_entry_ref: entry.id,
+        name: entry.canonical_name,
+        title: entry.title,
+        description: entry.description,
+        input_schema: entry.input_schema,
+        output_schema: entry.output_schema,
+        governance: {
+            gate: entry.governance.gate,
+            risk_tier: entry.governance.risk_tier,
+            evidence_behavior: entry.governance.evidence_behavior,
+            hitl_rule: entry.governance.hitl_rule,
+        },
+        compatibility_aliases: [...entry.compatibility_aliases],
+    }));
+}
+function resolveToolRequest(tool) {
+    const canonicalEntry = MCP_RUNTIME_TOOL_REGISTRY.find((entry) => entry.canonical_name === tool);
+    if (canonicalEntry) {
+        return {
+            entry: canonicalEntry,
+            requestedTool: canonicalEntry.canonical_name,
+            compatibilityAliasUsed: false,
+        };
+    }
+    const canonicalName = LEGACY_TOOL_ALIASES[tool];
+    const aliasEntry = canonicalName
+        ? MCP_RUNTIME_TOOL_REGISTRY.find((entry) => entry.canonical_name === canonicalName)
+        : undefined;
+    if (aliasEntry) {
+        return {
+            entry: aliasEntry,
+            requestedTool: tool,
+            compatibilityAliasUsed: true,
+        };
+    }
+    throw new Error(`Unsupported MCP tool "${tool}". Use one of: ${MCP_RUNTIME_SUPPORTED_TOOLS.join(', ')}`);
+}
 export class McpRuntimeService {
     stores;
     constructor(stores) {
@@ -87,9 +690,9 @@ export class McpRuntimeService {
     manifest(provider) {
         const providerId = resolveProvider(provider);
         return {
-            protocol: 'opensdd-mcp-bridge/v1',
+            protocol: 'codesdd-mcp-bridge/v1',
             server: {
-                name: 'opensdd',
+                name: 'codesdd',
                 version: 1,
             },
             provider: {
@@ -98,47 +701,496 @@ export class McpRuntimeService {
                 transport: 'stdio',
                 session_contract: PROVIDER_PROFILES[providerId].session_contract,
             },
-            tools: TOOL_DEFINITIONS,
+            tools: toolDefinitions(),
+            planned_tools: MCP_RUNTIME_PLANNED_TOOLS.map((tool) => ({ ...tool })),
+            registry: runtimeRegistryManifest(),
+            state_boundary: MCP_RUNTIME_STATE_BOUNDARY,
         };
     }
     async invoke(projectRoot, input) {
         const providerId = resolveProvider(input.provider);
         const args = input.args || {};
+        const resolution = resolveToolRequest(input.tool);
+        const tool = resolution.entry.canonical_name;
         let result;
-        switch (input.tool) {
-            case 'opensdd.next':
+        switch (tool) {
+            case 'codesdd.next':
                 result = await new NextService(this.stores).execute(projectRoot, {
                     rank: typeof args.rank === 'string' ? args.rank : undefined,
                     limit: typeof args.limit === 'number' ? args.limit : undefined,
                     maxAgents: typeof args.maxAgents === 'number' ? args.maxAgents : undefined,
                 });
                 break;
-            case 'opensdd.context':
+            case 'codesdd.context':
                 if (typeof args.ref !== 'string' || !args.ref.trim()) {
-                    throw new Error('opensdd.context requires args.ref');
+                    throw new Error('codesdd.context requires args.ref');
                 }
                 result = await new ContextService(this.stores).execute(projectRoot, args.ref);
                 break;
-            case 'opensdd.finalize':
-                result = await new FinalizeService(this.stores).execute(projectRoot, {
-                    ref: typeof args.ref === 'string' ? args.ref : undefined,
-                    allReady: args.allReady === true,
-                    forceFrontend: args.forceFrontend === true,
-                    forceTransition: args.forceTransition === true,
-                    cwd: typeof args.cwd === 'string' ? args.cwd : undefined,
+            case 'codesdd.query':
+                result = await this.queryState(args);
+                break;
+            case 'codesdd.read':
+                result = await this.readWorkspaceDocs(projectRoot, args);
+                break;
+            case 'codesdd.start':
+                result = this.planStartIntent(projectRoot, args);
+                break;
+            case 'codesdd.plugin.inspect':
+                result = await this.inspectPlugin(args);
+                break;
+            case 'codesdd.plugin.plan':
+                result = await this.planPlugin(args, false);
+                break;
+            case 'codesdd.plugin.apply_sandbox':
+                result = await this.planPlugin(args, true);
+                break;
+            case 'codesdd.quality.evidence':
+                result = await this.readQualityEvidence(projectRoot, args);
+                break;
+            case 'codesdd.adr':
+                result = await this.readAdrIndex(projectRoot, args);
+                break;
+            case 'codesdd.check':
+                result = await new SddCheckCommand().execute(projectRoot, {
                     render: false,
+                    strict: args.strict === true,
                 });
                 break;
+            case 'codesdd.diagnose':
+                result = await new SddDiagnoseCommand().execute(projectRoot, {
+                    strict: args.strict === true,
+                });
+                break;
+            case 'codesdd.finalize_intent':
+                result = this.planFinalizeIntent(projectRoot, args);
+                break;
+            case 'codesdd.frontend_impact':
+                result = this.planFrontendImpactIntent(projectRoot, args);
+                break;
+            case 'codesdd.skill_prompt':
+                result = await this.buildSkillPrompt(projectRoot, args);
+                break;
             default:
+                // The registry resolver rejects unknown tools before this switch. This branch is retained
+                // as a compile-time exhaustiveness guard if new tools are added without implementation.
                 throw new Error(`Unsupported MCP tool "${input.tool}"`);
         }
         return {
-            protocol: 'opensdd-mcp-bridge/v1',
+            protocol: 'codesdd-mcp-bridge/v1',
             provider: providerId,
-            tool: input.tool,
+            tool,
+            requested_tool: resolution.requestedTool,
+            compatibility_alias_used: resolution.compatibilityAliasUsed,
+            registry_resolution: {
+                registry: 'codesdd-runtime-tool-registry',
+                registry_entry_ref: resolution.entry.id,
+                canonical_tool: tool,
+                requested_tool: resolution.requestedTool,
+                compatibility_alias_used: resolution.compatibilityAliasUsed,
+                state_access: resolution.entry.implementation.state_access,
+            },
+            state_boundary: MCP_RUNTIME_STATE_BOUNDARY,
             invoked_at: nowIso(),
             result,
         };
     }
+    async queryState(args) {
+        const ref = typeof args.ref === 'string' ? args.ref.trim().toUpperCase() : '';
+        const query = typeof args.query === 'string' ? args.query.trim() : '';
+        const scope = args.scope === 'backlog' || args.scope === 'discovery' || args.scope === 'all'
+            ? args.scope
+            : 'all';
+        const limit = typeof args.limit === 'number' && Number.isFinite(args.limit)
+            ? Math.max(1, Math.floor(args.limit))
+            : 20;
+        if (!ref && !query) {
+            throw new Error('codesdd.query requires args.ref or args.query');
+        }
+        const backlog = scope === 'discovery' ? null : await this.stores.backlog.load();
+        const discovery = scope === 'backlog' ? null : await this.stores.discoveryIndex.load();
+        if (ref) {
+            const feature = backlog?.items.find((item) => item.id.toUpperCase() === ref);
+            if (feature) {
+                const dependents = backlog?.items
+                    .filter((item) => item.blocked_by.includes(feature.id))
+                    .map((item) => item.id) ?? [];
+                return {
+                    mode: 'ref',
+                    scope,
+                    ref: feature.id,
+                    type: 'feature',
+                    result: {
+                        id: feature.id,
+                        title: feature.title,
+                        status: feature.status,
+                        blocked_by: feature.blocked_by,
+                        dependents,
+                        touches: feature.touches,
+                        current_stage: feature.current_stage,
+                    },
+                };
+            }
+            const record = discovery?.records.find((item) => item.id.toUpperCase() === ref);
+            if (record) {
+                return {
+                    mode: 'ref',
+                    scope,
+                    ref: record.id,
+                    type: record.type.toLowerCase(),
+                    result: {
+                        id: record.id,
+                        type: record.type,
+                        title: record.title,
+                        status: record.status,
+                        related_ids: record.related_ids,
+                        warning_links: record.warning_links,
+                    },
+                };
+            }
+            return { mode: 'ref', scope, ref, type: 'not_found', result: null };
+        }
+        const token = query.toLowerCase();
+        const backlogMatches = (backlog?.items ?? [])
+            .filter((item) => {
+            const haystack = [
+                item.id,
+                item.title,
+                item.summary || '',
+                item.origin_ref || '',
+                ...item.touches,
+                ...item.blocked_by,
+            ]
+                .join(' ')
+                .toLowerCase();
+            return haystack.includes(token);
+        })
+            .slice(0, limit)
+            .map((item) => ({
+            id: item.id,
+            title: item.title,
+            status: item.status,
+            origin_ref: item.origin_ref,
+        }));
+        const discoveryMatches = (discovery?.records ?? [])
+            .filter((item) => {
+            const haystack = [
+                item.id,
+                item.type,
+                item.title,
+                ...item.related_ids,
+                ...item.warning_links,
+            ]
+                .join(' ')
+                .toLowerCase();
+            return haystack.includes(token);
+        })
+            .slice(0, limit)
+            .map((item) => ({
+            id: item.id,
+            type: item.type,
+            title: item.title,
+            status: item.status,
+        }));
+        return {
+            mode: 'search',
+            scope,
+            query,
+            limit,
+            counts: {
+                backlog: backlogMatches.length,
+                discovery: discoveryMatches.length,
+            },
+            results: {
+                backlog: backlogMatches,
+                discovery: discoveryMatches,
+            },
+        };
+    }
+    async readWorkspaceDocs(projectRoot, args) {
+        const ref = typeof args.ref === 'string' ? args.ref.trim().toUpperCase() : '';
+        if (!ref) {
+            throw new Error('codesdd.read requires args.ref');
+        }
+        const doc = typeof args.doc === 'string' &&
+            ['spec', 'plan', 'tasks', 'changelog', 'quality', 'all'].includes(args.doc)
+            ? args.doc
+            : 'all';
+        const roots = [
+            { state: 'active', dir: path.join(projectRoot, '.sdd', 'active') },
+            { state: 'planned', dir: path.join(projectRoot, '.sdd', 'planned') },
+            { state: 'archived', dir: path.join(projectRoot, '.sdd', 'archived') },
+        ];
+        let root = null;
+        for (const candidate of roots) {
+            const workspaceDir = path.join(candidate.dir, ref);
+            try {
+                await fs.access(workspaceDir);
+                root = candidate;
+                break;
+            }
+            catch {
+                continue;
+            }
+        }
+        if (!root) {
+            return {
+                ref,
+                workspace_state: 'not_found',
+                workspace_path: '',
+                docs: {},
+            };
+        }
+        const workspaceDir = path.join(root.dir, ref);
+        const docMap = {
+            spec: '1-spec.yaml',
+            plan: '2-plan.yaml',
+            tasks: '3-tasks.yaml',
+            changelog: '4-changelog.yaml',
+            quality: '5-quality.yaml',
+        };
+        const requestedDocs = doc === 'all'
+            ? Object.keys(docMap)
+            : [doc];
+        const docs = {};
+        for (const docKey of requestedDocs) {
+            const filePath = path.join(workspaceDir, docMap[docKey]);
+            const content = await fs.readFile(filePath, 'utf-8').catch(() => '');
+            if (!content.trim()) {
+                docs[docKey] = null;
+                continue;
+            }
+            try {
+                docs[docKey] = parseYaml(content);
+            }
+            catch {
+                docs[docKey] = { parse_error: true };
+            }
+        }
+        return {
+            ref,
+            workspace_state: root.state,
+            workspace_path: path.relative(projectRoot, workspaceDir).replace(/\\/g, '/'),
+            docs,
+        };
+    }
+    planStartIntent(projectRoot, args) {
+        const refOrText = typeof args.refOrText === 'string' ? args.refOrText.trim() : '';
+        if (!refOrText) {
+            throw new Error('codesdd.start requires args.refOrText');
+        }
+        const commandArgs = ['sdd', 'start', refOrText, '--json'];
+        if (typeof args.scale === 'string' && ['QUICK', 'STANDARD', 'LARGE'].includes(args.scale)) {
+            commandArgs.push('--scale', args.scale);
+        }
+        if (typeof args.schema === 'string' && args.schema.trim()) {
+            commandArgs.push('--schema', args.schema.trim());
+        }
+        if (typeof args.flowMode === 'string' && ['direct', 'standard', 'rigorous'].includes(args.flowMode)) {
+            commandArgs.push('--flow-mode', args.flowMode);
+        }
+        if (args.force === true) {
+            commandArgs.push('--force');
+        }
+        if (args.forceTransition === true) {
+            commandArgs.push('--force-transition');
+        }
+        return {
+            action: 'start',
+            intent_only: true,
+            command: {
+                bin: process.execPath,
+                args: [path.join(projectRoot, 'bin', 'codesdd.js'), ...commandArgs],
+                cwd: projectRoot,
+            },
+            gate: {
+                executes_immediately: false,
+                required_flag: '--allow-mutation-execution',
+                ui_can_write_state_directly: false,
+            },
+        };
+    }
+    async inspectPlugin(args) {
+        const manifestPath = typeof args.manifestPath === 'string' ? args.manifestPath.trim() : '';
+        if (!manifestPath) {
+            throw new Error('codesdd.plugin.inspect requires args.manifestPath');
+        }
+        return inspectPluginManifestFromFile(manifestPath);
+    }
+    async planPlugin(args, applySandbox) {
+        const manifestPath = typeof args.manifestPath === 'string' ? args.manifestPath.trim() : '';
+        const featureRef = typeof args.featureRef === 'string' ? args.featureRef.trim() : '';
+        const capability = typeof args.capability === 'string' ? args.capability.trim() : '';
+        if (!manifestPath) {
+            throw new Error('codesdd.plugin.plan requires args.manifestPath');
+        }
+        if (!featureRef) {
+            throw new Error('codesdd.plugin.plan requires args.featureRef');
+        }
+        if (!capability) {
+            throw new Error('codesdd.plugin.plan requires args.capability');
+        }
+        const result = await planPluginInvocationFromFile(manifestPath, {
+            feature_ref: featureRef,
+            capability,
+            mode: applySandbox ? 'apply' : 'dry-run',
+            skill_ref: typeof args.skillRef === 'string' ? args.skillRef : undefined,
+            inputs: args.inputs && typeof args.inputs === 'object' && !Array.isArray(args.inputs)
+                ? args.inputs
+                : {},
+            requested_write_scope: parseStringArrayArg(args.writeScope),
+            approval_grants: parseStringArrayArg(args.approvalGrants),
+            operation_id: typeof args.operationId === 'string' ? args.operationId : undefined,
+            source_checksum: typeof args.sourceChecksum === 'string' ? args.sourceChecksum : undefined,
+            planned_writes: parseStringArrayArg(args.plannedWrites),
+            requested_env: parseStringArrayArg(args.requestedEnv),
+            network_domains: parseStringArrayArg(args.networkDomains),
+            process_spawn_requested: args.processSpawnRequested === true,
+            technology: args.technology && typeof args.technology === 'object' && !Array.isArray(args.technology)
+                ? args.technology
+                : undefined,
+        });
+        return applySandbox
+            ? {
+                action: 'plugin.apply_sandbox',
+                intent_only: true,
+                plan: result,
+                gate: {
+                    executes_immediately: false,
+                    required_flag: '--allow-mutation-execution',
+                    ui_can_write_state_directly: false,
+                },
+            }
+            : result;
+    }
+    async readQualityEvidence(projectRoot, args) {
+        const ref = typeof args.ref === 'string' ? args.ref.trim().toUpperCase() : '';
+        if (!ref) {
+            throw new Error('codesdd.quality.evidence requires args.ref');
+        }
+        const workspace = (await this.readWorkspaceDocs(projectRoot, {
+            ref,
+            doc: 'quality',
+        }));
+        const quality = workspace.docs?.quality;
+        if (!quality || typeof quality !== 'object') {
+            return {
+                ref: workspace.ref,
+                workspace_state: workspace.workspace_state,
+                workspace_path: workspace.workspace_path,
+                status: 'quality_document_not_found',
+                quality: null,
+            };
+        }
+        return {
+            ref: workspace.ref,
+            workspace_state: workspace.workspace_state,
+            workspace_path: workspace.workspace_path,
+            status: 'ok',
+            quality: {
+                coverage_targets: quality.coverage_targets ?? null,
+                evidence_log: quality.evidence_log ?? [],
+                skill_evidence: quality.skill_evidence ?? null,
+                acceptance_matrix: quality.acceptance_matrix ?? [],
+                exceptions: quality.exceptions ?? [],
+            },
+        };
+    }
+    async readAdrIndex(projectRoot, args) {
+        const ref = typeof args.ref === 'string' ? args.ref.trim().toUpperCase() : '';
+        const adrDir = path.join(projectRoot, '.sdd', 'core', 'adrs');
+        const names = await fs.readdir(adrDir).catch(() => []);
+        const files = names
+            .filter((name) => /^ADR-.*\.md$/u.test(name))
+            .sort();
+        const entries = await Promise.all(files.map(async (name) => {
+            const absolutePath = path.join(adrDir, name);
+            const relativePath = path.relative(projectRoot, absolutePath).replace(/\\/g, '/');
+            if (!ref) {
+                return {
+                    adr_id: name.replace(/\.md$/u, ''),
+                    path: relativePath,
+                    related_to_ref: false,
+                };
+            }
+            const content = await fs.readFile(absolutePath, 'utf-8').catch(() => '');
+            const related = content.toUpperCase().includes(ref);
+            return {
+                adr_id: name.replace(/\.md$/u, ''),
+                path: relativePath,
+                related_to_ref: related,
+            };
+        }));
+        return {
+            ref: ref || null,
+            total: entries.length,
+            matches: ref ? entries.filter((entry) => entry.related_to_ref) : entries,
+        };
+    }
+    planFinalizeIntent(projectRoot, args) {
+        const featureId = typeof args.featureId === 'string' ? args.featureId.trim() : '';
+        if (!featureId) {
+            throw new Error('codesdd.finalize_intent requires args.featureId');
+        }
+        return {
+            ...new GovernanceControlPlaneService().planMutationIntent(projectRoot, 'finalize', {
+                featureId,
+            }),
+        };
+    }
+    planFrontendImpactIntent(projectRoot, args) {
+        const featureId = typeof args.featureId === 'string' ? args.featureId.trim() : '';
+        const status = typeof args.status === 'string' ? args.status.trim() : '';
+        if (!featureId) {
+            throw new Error('codesdd.frontend_impact requires args.featureId');
+        }
+        if (!status) {
+            throw new Error('codesdd.frontend_impact requires args.status');
+        }
+        const params = {
+            featureId,
+            status,
+        };
+        if (typeof args.reason === 'string' && args.reason.trim()) {
+            params.reason = args.reason.trim();
+        }
+        const routes = parseStringArrayArg(args.routes).join(',');
+        if (routes) {
+            params.routes = routes;
+        }
+        const surfaces = parseStringArrayArg(args.surfaces).join(',');
+        if (surfaces) {
+            params.surfaces = surfaces;
+        }
+        return {
+            ...new GovernanceControlPlaneService().planMutationIntent(projectRoot, 'frontend-impact', params),
+        };
+    }
+    async buildSkillPrompt(projectRoot, args) {
+        return new SkillsInvokeService(this.stores).execute(projectRoot, {
+            ids: parseStringArrayArg(args.ids),
+            phase: typeof args.phase === 'string' ? args.phase : undefined,
+            domains: parseStringArrayArg(args.domains),
+            bundles: parseStringArrayArg(args.bundles),
+            max: typeof args.max === 'number' ? Math.max(1, Math.floor(args.max)) : undefined,
+            objective: typeof args.objective === 'string' ? args.objective : undefined,
+            ref: typeof args.ref === 'string' ? args.ref : undefined,
+        });
+    }
+}
+function parseStringArrayArg(input) {
+    if (Array.isArray(input)) {
+        return input
+            .filter((value) => typeof value === 'string')
+            .map((value) => value.trim())
+            .filter(Boolean);
+    }
+    if (typeof input === 'string') {
+        return input
+            .split(',')
+            .map((value) => value.trim())
+            .filter(Boolean);
+    }
+    return [];
 }
 //# sourceMappingURL=mcp-runtime.service.js.map