@jigyasudham/veto 0.8.3 → 1.1.0

package/dist/server.js

@@ -5,17 +5,29 @@
 process.removeAllListeners('warning');
 import { Server } from '@modelcontextprotocol/sdk/server/index.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
-import { CallToolRequestSchema, ListToolsRequestSchema, } from '@modelcontextprotocol/sdk/types.js';
+import { CallToolRequestSchema, ListToolsRequestSchema, ListResourcesRequestSchema, ReadResourceRequestSchema, ListPromptsRequestSchema, GetPromptRequestSchema, } from '@modelcontextprotocol/sdk/types.js';
+import { buildContextString } from './context/reader.js';
 import { saveSession, restoreSession, listSessions, getDbPath, saveCouncilOutcome, storeKnowledge, searchKnowledge, deleteKnowledge, updateProjectMap, getProjectMap, upsertPattern, getPatterns, } from './memory/local.js';
 import { exportMemory, importMemory } from './memory/sync.js';
 import { runDebate } from './council/index.js';
-import { routeTask, getRateStatus, recordOutcome, getLearningStats, applyLearnedThresholds, getAgentPerformanceStats, getTaskTypeBreakdown, getCouncilInsights } from './router/index.js';
+import { routeTask, getRateStatus, recordOutcome, getLearningStats, applyLearnedThresholds, getAgentPerformanceStats, getTaskTypeBreakdown, getCouncilInsights, getRecommendedAgent } from './router/index.js';
 import { executeParallel, executeOne } from './agents/executor.js';
 import { handoff, continueSession, getPlatformSetup } from './adapters/index.js';
-const VERSION = '0.8.0';
+import { startWatch, pollWatch, stopWatch } from './watcher/index.js';
+import { runPipeline } from './workflow/pipeline.js';
+import { loadPlugins, listPlugins } from './plugins/loader.js';
+import { readFileSync } from 'node:fs';
+import { extname, basename } from 'node:path';
+const VERSION = '1.1.0';
+// Tracks the project_dir of the most recently active session in this process.
+// Used as a fallback when memory_store/memory_search are called without an explicit project_dir,
+// so memories are automatically scoped to the current project.
+let activeProjectDir = null;
 const server = new Server({ name: 'veto', version: VERSION }, {
     capabilities: {
         tools: {},
+        resources: {},
+        prompts: {},
     },
 });
 // ─── Tool Definitions ─────────────────────────────────────────────────────────
@@ -75,6 +87,11 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
                         type: 'string',
                         description: 'UUID of the session to restore.',
                     },
+                    resuming_as: {
+                        type: 'string',
+                        description: 'The AI client resuming this session (e.g. "claude", "gemini", "codex"). Recorded as active_client.',
+                        enum: ['claude', 'gemini', 'codex'],
+                    },
                 },
                 required: ['session_id'],
             },
@@ -158,6 +175,10 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
                         type: 'string',
                         description: 'Optional: additional context such as codebase state, prior decisions, or constraints.',
                     },
+                    project_dir: {
+                        type: 'string',
+                        description: 'Optional: absolute path to the project directory. Veto will auto-read package.json, git diff, and stack info to give the council real project context.',
+                    },
                     session_id: {
                         type: 'string',
                         description: 'Optional: session ID to associate this council outcome with an active session.',
@@ -179,6 +200,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
                     },
                     task: { type: 'string', description: 'The task for the agent to plan.' },
                     context: { type: 'string', description: 'Optional additional context.' },
+                    project_dir: { type: 'string', description: 'Optional: absolute path to the project directory. Auto-injects package.json, git diff, and stack info into the agent context.' },
                 },
                 required: ['agent', 'task'],
             },
@@ -195,6 +217,19 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
                 required: ['code'],
             },
         },
+        {
+            name: 'veto_diff_review',
+            description: 'Reviews a git diff — runs code review, security scan, and secrets scan in parallel across all changed files. Returns a structured verdict (pass/warn/fail), per-file findings, and a CI-ready summary. Pass diff directly or let Veto read it from project_dir automatically.',
+            inputSchema: {
+                type: 'object',
+                properties: {
+                    diff: { type: 'string', description: 'The git diff to review. If omitted, Veto runs git diff HEAD in project_dir.' },
+                    project_dir: { type: 'string', description: 'Absolute project path. Used to auto-read git diff if diff is not provided, and to inject codebase context.' },
+                    context: { type: 'string', description: 'Optional: PR description, ticket number, or focus area.' },
+                },
+                required: [],
+            },
+        },
         {
             name: 'veto_security_scan',
             description: 'Runs the Security Scanner (OWASP Top 10) on provided code. Returns vulnerabilities with severity, CWE/OWASP category, and remediation steps.',
@@ -235,10 +270,12 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
                                 task: { type: 'string', description: 'Task description for this agent.' },
                                 code: { type: 'string', description: 'Optional code to analyze (triggers analyze() instead of plan()).' },
                                 context: { type: 'string', description: 'Optional additional context.' },
+                                project_dir: { type: 'string', description: 'Optional: per-task project dir override.' },
                             },
                             required: ['id', 'agent', 'task'],
                         },
                     },
+                    project_dir: { type: 'string', description: 'Optional: project directory applied to all tasks (per-task project_dir overrides this). Auto-injects codebase context.' },
                 },
                 required: ['tasks'],
             },
@@ -391,6 +428,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
                     output_quality: { type: 'number', description: 'Output quality score 0–100. 90–100=excellent, 70–89=good, 50–69=acceptable, 30–49=poor, 0–29=failed.' },
                     agent: { type: 'string', description: 'The worker agent type used (optional but useful for agent performance tracking).' },
                     tokens_used: { type: 'number', description: 'Approximate tokens used (optional).' },
+                    file_ext: { type: 'string', description: 'File extension of the primary file worked on (e.g. ".ts", ".sql", ".tsx"). Enables predictive agent routing — next time you work on the same extension, veto_route_task will recommend the best agent.' },
                 },
                 required: ['task_type', 'complexity', 'model_tier', 'output_quality'],
             },
@@ -441,6 +479,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
                 type: 'object',
                 properties: {
                     session_id: { type: 'string', description: 'Optional. Session ID from veto_handoff. If omitted, the most recent saved session is restored.' },
+                    resuming_as: { type: 'string', description: 'The AI client resuming this session (e.g. "gemini"). Recorded as active_client so you can track which tool is currently working on it.', enum: ['claude', 'gemini', 'codex'] },
                 },
                 required: [],
             },
@@ -457,6 +496,88 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
                 required: ['platform', 'veto_server_path'],
             },
         },
+        {
+            name: 'veto_watch',
+            description: 'Starts a file watcher on a project directory. Returns a watch_id. Call veto_watch_poll to collect file-change events with recommended agents. Call veto_watch_stop when done.',
+            inputSchema: {
+                type: 'object',
+                properties: {
+                    project_dir: { type: 'string', description: 'Absolute path to the project directory to watch.' },
+                },
+                required: ['project_dir'],
+            },
+        },
+        {
+            name: 'veto_watch_poll',
+            description: 'Polls for file-change events from an active watcher. Returns accumulated events since last poll (events are cleared on read). Each event includes the file, recommended agent, and suggested veto tool to call.',
+            inputSchema: {
+                type: 'object',
+                properties: {
+                    watch_id: { type: 'string', description: 'The watch_id returned by veto_watch.' },
+                },
+                required: ['watch_id'],
+            },
+        },
+        {
+            name: 'veto_watch_stop',
+            description: 'Stops an active file watcher.',
+            inputSchema: {
+                type: 'object',
+                properties: {
+                    watch_id: { type: 'string', description: 'The watch_id returned by veto_watch.' },
+                },
+                required: ['watch_id'],
+            },
+        },
+        {
+            name: 'veto_workflow',
+            description: 'Runs a sequential agent pipeline with optional pass/fail gates between steps. Each step runs a worker agent; if a gate score is set and the step confidence falls below it, the pipeline stops. Returns per-step results plus an overall verdict (passed/partial/failed).',
+            inputSchema: {
+                type: 'object',
+                properties: {
+                    steps: {
+                        type: 'array',
+                        description: 'Ordered pipeline steps.',
+                        items: {
+                            type: 'object',
+                            properties: {
+                                id: { type: 'string', description: 'Step identifier.' },
+                                agent: { type: 'string', description: 'Worker agent type.' },
+                                task: { type: 'string', description: 'Task description for this step.' },
+                                code: { type: 'string', description: 'Optional code to analyze.' },
+                                context: { type: 'string', description: 'Optional context.' },
+                                gate: { type: 'number', description: 'Optional minimum confidence % (0–100) required to proceed to the next step.' },
+                            },
+                            required: ['id', 'agent', 'task'],
+                        },
+                    },
+                    project_dir: { type: 'string', description: 'Optional project directory — auto-injects codebase context into all steps.' },
+                },
+                required: ['steps'],
+            },
+        },
+        {
+            name: 'veto_explain',
+            description: 'Reads a file and returns an expert explanation from the most appropriate agent (auto-detected from file extension and name). Pass depth to control detail level.',
+            inputSchema: {
+                type: 'object',
+                properties: {
+                    file_path: { type: 'string', description: 'Absolute path to the file to explain.' },
+                    depth: { type: 'string', enum: ['overview', 'detailed', 'line-by-line'], description: 'Explanation depth. Default: overview.' },
+                    context: { type: 'string', description: 'Optional additional context about what you want explained.' },
+                },
+                required: ['file_path'],
+            },
+        },
+        {
+            name: 'veto_plugins',
+            description: 'Lists all custom agents loaded from ~/.veto/agents/. Drop a .js file there that exports plan(task, context?) to register a new agent available in veto_agent_plan and veto_execute_parallel.',
+            inputSchema: {
+                type: 'object',
+                properties: {},
+                required: [],
+            },
+        },
     ],
 }));
 // ─── Tool Handlers ────────────────────────────────────────────────────────────
@@ -483,12 +604,15 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             };
         }
         case 'veto_session_save': {
+            const sessionProjectDir = args?.project_dir ? String(args.project_dir) : undefined;
+            if (sessionProjectDir)
+                activeProjectDir = sessionProjectDir;
             const result = saveSession({
                 summary: String(args?.summary ?? ''),
                 context: String(args?.context ?? ''),
                 task_state: args?.task_state ? String(args.task_state) : undefined,
                 platform: args?.platform ? String(args.platform) : 'claude',
-                project_dir: args?.project_dir ? String(args.project_dir) : undefined,
+                project_dir: sessionProjectDir,
                 token_count: typeof args?.token_count === 'number' ? args.token_count : 0,
             });
             return {
@@ -506,7 +630,8 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
         }
         case 'veto_session_restore': {
             const session_id = String(args?.session_id ?? '');
-            const result = restoreSession(session_id);
+            const resuming_as = args?.resuming_as ? String(args.resuming_as) : undefined;
+            const result = restoreSession(session_id, resuming_as);
             if (!result.found) {
                 return {
                     content: [
@@ -519,6 +644,8 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
                 };
             }
             const s = result.session;
+            if (s.project_dir)
+                activeProjectDir = s.project_dir;
             return {
                 content: [
                     {
@@ -526,7 +653,9 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
                         text: JSON.stringify({
                             success: true,
                             session_id: s.id,
-                            platform: s.platform,
+                            created_by: s.platform,
+                            active_client: s.active_client ?? s.platform,
+                            last_resumed_at: s.last_resumed_at,
                             started_at: s.started_at,
                             ended_at: s.ended_at,
                             project_dir: s.project_dir,
@@ -563,20 +692,21 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             };
         }
         case 'veto_route_task': {
-            const result = routeTask(String(args?.task ?? ''), {
+            const routeTaskStr = String(args?.task ?? '');
+            const fileExt = args?.file_ext ? String(args.file_ext) : undefined;
+            const result = routeTask(routeTaskStr, {
                 agentType: args?.agent_type ? String(args.agent_type) : undefined,
                 filesAffected: typeof args?.files_affected === 'number' ? args.files_affected : undefined,
                 forceCouncil: args?.force_council === true,
                 context: args?.context ? String(args.context) : undefined,
                 preferredPlatform: args?.preferred_platform ? String(args.preferred_platform) : 'claude',
             });
+            const recommended_agent = getRecommendedAgent(routeTaskStr, fileExt);
             return {
-                content: [
-                    {
+                content: [{
                         type: 'text',
-                        text: JSON.stringify(result, null, 2),
-                    },
-                ],
+                        text: JSON.stringify({ ...result, recommended_agent }, null, 2),
+                    }],
             };
         }
         case 'veto_rate_status': {
@@ -600,6 +730,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             const result = await runDebate({
                 task,
                 context: args?.context ? String(args.context) : undefined,
+                project_dir: args?.project_dir ? String(args.project_dir) : undefined,
             });
             const outcomeId = saveCouncilOutcome({
                 session_id: args?.session_id ? String(args.session_id) : undefined,
@@ -645,11 +776,17 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             if (!task) {
                 return { content: [{ type: 'text', text: JSON.stringify({ success: false, message: 'task is required.' }) }], isError: true };
             }
-            const result = await executeOne({ id: 'plan-1', agent: agentType, task, context: args?.context ? String(args.context) : undefined });
+            const result = await executeOne({
+                id: 'plan-1',
+                agent: agentType,
+                task,
+                context: args?.context ? String(args.context) : undefined,
+                project_dir: args?.project_dir ? String(args.project_dir) : undefined,
+            });
             if (result.error) {
                 return { content: [{ type: 'text', text: JSON.stringify({ success: false, error: result.error }) }], isError: true };
             }
-            return { content: [{ type: 'text', text: JSON.stringify(result.plan ?? result.analysis, null, 2) }] };
+            return { content: [{ type: 'text', text: JSON.stringify({ ...(result.plan ?? result.analysis), output: result.output }, null, 2) }] };
         }
         case 'veto_code_review': {
             const code = String(args?.code ?? '').trim();
@@ -662,6 +799,92 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             }
             return { content: [{ type: 'text', text: JSON.stringify(result.analysis, null, 2) }] };
         }
+        case 'veto_diff_review': {
+            const projectDir = args?.project_dir ? String(args.project_dir) : undefined;
+            const userContext = args?.context ? String(args.context) : undefined;
+            // Resolve diff — use provided or read from git
+            let diff = args?.diff ? String(args.diff).trim() : '';
+            if (!diff && projectDir) {
+                const { execSync: execSyncDiff } = await import('node:child_process');
+                try {
+                    diff = execSyncDiff('git diff HEAD --no-color', {
+                        cwd: projectDir, timeout: 5000, stdio: ['pipe', 'pipe', 'pipe'],
+                    }).toString().trim();
+                    if (!diff) {
+                        diff = execSyncDiff('git diff --cached --no-color', {
+                            cwd: projectDir, timeout: 5000, stdio: ['pipe', 'pipe', 'pipe'],
+                        }).toString().trim();
+                    }
+                }
+                catch { /* not a git repo or no changes */ }
+            }
+            if (!diff) {
+                return { content: [{ type: 'text', text: JSON.stringify({ success: false, message: 'No diff provided and no git changes detected. Pass diff or point to a project_dir with uncommitted changes.' }) }], isError: true };
+            }
+            // Parse changed files from diff header lines
+            const changedFiles = [...diff.matchAll(/^diff --git a\/.+ b\/(.+)$/gm)].map(m => m[1]);
+            const diffChunks = diff.split(/^diff --git /m).filter(Boolean);
+            // Run code-review, security-scan, secrets-scan in parallel across the full diff
+            const context = buildContextString(projectDir, userContext);
+            const [reviewResult, secResult, secretsResult] = await Promise.all([
+                executeOne({ id: 'diff-review', agent: 'reviewer', task: 'Review this git diff for code quality issues', code: diff, context }),
+                executeOne({ id: 'diff-sec', agent: 'security-scanner', task: 'Scan this git diff for security vulnerabilities', code: diff, context }),
+                executeOne({ id: 'diff-secrets', agent: 'secrets', task: 'Scan this git diff for exposed secrets or credentials', code: diff }),
+            ]);
+            // Derive overall verdict
+            const hasBlocking = (reviewResult.analysis?.critical_count ?? 0) > 0
+                || (secResult.analysis?.critical_count ?? 0) > 0
+                || (secretsResult.analysis?.critical_count ?? 0) > 0;
+            const hasWarnings = (reviewResult.analysis?.high_count ?? 0) > 0
+                || (secResult.analysis?.high_count ?? 0) > 0;
+            const verdict = hasBlocking ? 'fail' : hasWarnings ? 'warn' : 'pass';
+            const verdictEmoji = verdict === 'pass' ? '✅ PASS' : verdict === 'warn' ? '⚠️  WARN' : '❌ FAIL';
+            // Per-file finding counts (approximate from line refs)
+            const fileFindings = {};
+            for (const f of changedFiles)
+                fileFindings[f] = 0;
+            for (const finding of [...(reviewResult.analysis?.findings ?? []), ...(secResult.analysis?.findings ?? [])]) {
+                const match = changedFiles.find(f => finding.location?.includes(f));
+                if (match)
+                    fileFindings[match]++;
+            }
+            return {
+                content: [{
+                        type: 'text',
+                        text: JSON.stringify({
+                            verdict,
+                            verdict_label: verdictEmoji,
+                            files_changed: changedFiles.length,
+                            files: changedFiles,
+                            file_findings: fileFindings,
+                            code_review: {
+                                score: reviewResult.analysis?.score ?? null,
+                                verdict: reviewResult.analysis?.verdict ?? null,
+                                critical: reviewResult.analysis?.critical_count ?? 0,
+                                high: reviewResult.analysis?.high_count ?? 0,
+                                findings: reviewResult.analysis?.findings ?? [],
+                            },
+                            security: {
+                                score: secResult.analysis?.score ?? null,
+                                verdict: secResult.analysis?.verdict ?? null,
+                                critical: secResult.analysis?.critical_count ?? 0,
+                                high: secResult.analysis?.high_count ?? 0,
+                                findings: secResult.analysis?.findings ?? [],
+                            },
+                            secrets: {
+                                verdict: secretsResult.analysis?.verdict ?? null,
+                                findings: secretsResult.analysis?.findings ?? [],
+                            },
+                            summary: [
+                                `${verdictEmoji} — ${changedFiles.length} file(s) changed`,
+                                `Code: ${reviewResult.analysis?.verdict ?? 'n/a'} (score ${reviewResult.analysis?.score ?? '?'}/100)`,
+                                `Security: ${secResult.analysis?.verdict ?? 'n/a'} — ${secResult.analysis?.critical_count ?? 0} critical, ${secResult.analysis?.high_count ?? 0} high`,
+                                `Secrets: ${(secretsResult.analysis?.findings?.length ?? 0) > 0 ? '🔴 Exposed credentials detected' : '✅ Clean'}`,
+                            ].join('\n'),
+                        }, null, 2),
+                    }],
+            };
+        }
         case 'veto_security_scan': {
             const code = String(args?.code ?? '').trim();
             if (!code) {
@@ -689,12 +912,14 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             if (rawTasks.length === 0) {
                 return { content: [{ type: 'text', text: JSON.stringify({ success: false, message: 'tasks array is required and must not be empty.' }) }], isError: true };
             }
+            const parallelProjectDir = args?.project_dir ? String(args.project_dir) : undefined;
             const tasks = rawTasks.map((t) => ({
                 id: String(t.id ?? ''),
                 agent: String(t.agent ?? ''),
                 task: String(t.task ?? ''),
                 code: t.code ? String(t.code) : undefined,
                 context: t.context ? String(t.context) : undefined,
+                project_dir: t.project_dir ? String(t.project_dir) : parallelProjectDir,
             }));
             const results = await executeParallel(tasks);
             return {
@@ -708,7 +933,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
                                 agent: r.agent,
                                 duration_ms: r.duration_ms,
                                 error: r.error,
-                                output: r.plan ?? r.analysis,
+                                output: { ...(r.plan ?? r.analysis), structured: r.output },
                             })),
                         }, null, 2),
                     }],
@@ -725,7 +950,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
                 content,
                 type: args?.type ? String(args.type) : 'solution',
                 tags: Array.isArray(args?.tags) ? args.tags.map(String) : undefined,
-                project_dir: args?.project_dir ? String(args.project_dir) : undefined,
+                project_dir: args?.project_dir ? String(args.project_dir) : (activeProjectDir ?? undefined),
                 session_id: args?.session_id ? String(args.session_id) : undefined,
                 relevance: typeof args?.relevance === 'number' ? args.relevance : 1.0,
             });
@@ -735,7 +960,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             const results = searchKnowledge({
                 query: args?.query ? String(args.query) : undefined,
                 type: args?.type ? String(args.type) : undefined,
-                project_dir: args?.project_dir ? String(args.project_dir) : undefined,
+                project_dir: args?.project_dir ? String(args.project_dir) : (activeProjectDir ?? undefined),
                 limit: typeof args?.limit === 'number' ? args.limit : 10,
             });
             return {
@@ -854,16 +1079,20 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             return { content: [{ type: 'text', text: result.instructions + '\n\n' + JSON.stringify({ session_id: result.session_id, to_platform: result.to_platform, saved_at: result.saved_at, reason: result.reason }, null, 2) }] };
         }
         case 'veto_continue': {
-            const result = continueSession(args?.session_id ? String(args.session_id) : undefined);
+            const resuming_as = args?.resuming_as ? String(args.resuming_as) : undefined;
+            const result = continueSession(args?.session_id ? String(args.session_id) : undefined, resuming_as);
             if (!result.found) {
                 return { content: [{ type: 'text', text: JSON.stringify({ success: false, message: result.message }, null, 2) }], isError: true };
             }
+            if (result.project_dir)
+                activeProjectDir = result.project_dir;
             return {
                 content: [{
                         type: 'text',
                         text: result.message + '\n\n' + JSON.stringify({
                             session_id: result.session_id,
-                            platform: result.platform,
+                            created_by: result.platform,
+                            active_client: result.active_client ?? result.platform,
                             summary: result.summary,
                             context: result.context,
                             task_state: result.task_state,
@@ -892,7 +1121,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             if (!task_type) {
                 return { content: [{ type: 'text', text: JSON.stringify({ success: false, message: 'task_type is required.' }) }], isError: true };
             }
-            recordOutcome(task_type, complexity, model_tier, args?.agent ? String(args.agent) : 'dynamic', output_quality, typeof args?.tokens_used === 'number' ? args.tokens_used : 0);
+            recordOutcome(task_type, complexity, model_tier, args?.agent ? String(args.agent) : 'dynamic', output_quality, typeof args?.tokens_used === 'number' ? args.tokens_used : 0, args?.file_ext ? String(args.file_ext) : undefined);
             const stats = getLearningStats();
             return { content: [{ type: 'text', text: JSON.stringify({ success: true, message: 'Outcome recorded.', total_outcomes: stats.total_tasks, next_step: stats.total_tasks >= 20 ? 'You have 20+ outcomes. Call veto_learning_apply to update router thresholds.' : `Need ${20 - stats.total_tasks} more outcomes before veto_learning_apply can adjust thresholds.` }, null, 2) }] };
         }
@@ -931,15 +1160,272 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             const result = importMemory(args?.input_path ? String(args.input_path) : undefined);
             return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
         }
+        case 'veto_watch': {
+            const dir = String(args?.project_dir ?? '').trim();
+            if (!dir)
+                return { content: [{ type: 'text', text: JSON.stringify({ success: false, message: 'project_dir is required.' }) }], isError: true };
+            const watch_id = startWatch(dir);
+            return { content: [{ type: 'text', text: JSON.stringify({ success: true, watch_id, project_dir: dir, message: `Watching "${dir}". Call veto_watch_poll with watch_id to collect events.` }, null, 2) }] };
+        }
+        case 'veto_watch_poll': {
+            const watch_id = String(args?.watch_id ?? '').trim();
+            if (!watch_id)
+                return { content: [{ type: 'text', text: JSON.stringify({ success: false, message: 'watch_id is required.' }) }], isError: true };
+            const result = pollWatch(watch_id);
+            if (!result.found)
+                return { content: [{ type: 'text', text: JSON.stringify({ success: false, message: `No active watcher with id: ${watch_id}` }) }], isError: true };
+            return { content: [{ type: 'text', text: JSON.stringify({ success: true, watch_id, project_dir: result.project_dir, event_count: result.events.length, events: result.events }, null, 2) }] };
+        }
+        case 'veto_watch_stop': {
+            const watch_id = String(args?.watch_id ?? '').trim();
+            if (!watch_id)
+                return { content: [{ type: 'text', text: JSON.stringify({ success: false, message: 'watch_id is required.' }) }], isError: true };
+            const stopped = stopWatch(watch_id);
+            return { content: [{ type: 'text', text: JSON.stringify({ success: stopped, message: stopped ? `Watcher ${watch_id} stopped.` : `No watcher found with id: ${watch_id}` }, null, 2) }] };
+        }
+        case 'veto_workflow': {
+            const rawSteps = Array.isArray(args?.steps) ? args.steps : [];
+            if (rawSteps.length === 0)
+                return { content: [{ type: 'text', text: JSON.stringify({ success: false, message: 'steps array is required and must not be empty.' }) }], isError: true };
+            const steps = rawSteps.map((s) => ({
+                id: String(s.id ?? ''),
+                agent: String(s.agent ?? ''),
+                task: String(s.task ?? ''),
+                code: s.code ? String(s.code) : undefined,
+                context: s.context ? String(s.context) : undefined,
+                gate: typeof s.gate === 'number' ? s.gate : undefined,
+            }));
+            const result = await runPipeline(steps, args?.project_dir ? String(args.project_dir) : undefined);
+            return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
+        }
+        case 'veto_explain': {
+            const filePath = String(args?.file_path ?? '').trim();
+            if (!filePath)
+                return { content: [{ type: 'text', text: JSON.stringify({ success: false, message: 'file_path is required.' }) }], isError: true };
+            let fileContent;
+            try {
+                fileContent = readFileSync(filePath, 'utf8');
+            }
+            catch {
+                return { content: [{ type: 'text', text: JSON.stringify({ success: false, message: `Cannot read file: ${filePath}` }) }], isError: true };
+            }
+            const ext = extname(filePath).toLowerCase();
+            const name_ = basename(filePath).toLowerCase();
+            const depth = String(args?.depth ?? 'overview');
+            // auto-detect best agent
+            let agent = 'coder';
+            if (['.tsx', '.jsx', '.vue', '.svelte'].includes(ext))
+                agent = 'frontend';
+            else if (['.sql', '.prisma'].includes(ext) || name_.includes('schema'))
+                agent = 'database';
+            else if (/\.(test|spec)\.(ts|js|tsx|jsx)$/.test(name_))
+                agent = 'tester';
+            else if (['.yaml', '.yml', '.toml', '.dockerfile'].includes(ext) || name_ === 'dockerfile')
+                agent = 'devops';
+            else if (name_.includes('auth') || name_.includes('login') || name_.includes('jwt') || name_.includes('token'))
+                agent = 'auth';
+            else if (name_.includes('security') || name_.includes('crypt'))
+                agent = 'security-scanner';
+            else if (['.ts', '.js', '.mjs'].includes(ext))
+                agent = 'coder';
+            const userContext = args?.context ? String(args.context) : undefined;
+            const task = `Explain this ${ext} file at ${depth} depth. File: ${basename(filePath)}${userContext ? `. Focus: ${userContext}` : ''}`;
+            const result = await executeOne({ id: 'explain-1', agent, task, code: fileContent, project_dir: undefined });
+            return {
+                content: [{ type: 'text', text: JSON.stringify({
+                            file: filePath, agent_used: agent, depth,
+                            explanation: result.plan ?? result.analysis,
+                            output: result.output,
+                        }, null, 2) }],
+            };
+        }
+        case 'veto_plugins': {
+            return { content: [{ type: 'text', text: JSON.stringify({ plugins: listPlugins(), plugin_dir: `${process.env.HOME ?? process.env.USERPROFILE}/.veto/agents/`, instructions: 'Drop a .js file exporting plan(task, context?) to register a custom agent.' }, null, 2) }] };
+        }
         default:
             throw new Error(`Unknown tool: ${name}`);
     }
 });
+// ─── MCP Resources ─────────────────────────────────────────────────────────────
+server.setRequestHandler(ListResourcesRequestSchema, async () => ({
+    resources: [
+        {
+            uri: 'veto://sessions',
+            name: 'Saved Sessions',
+            description: 'List of all saved Veto sessions across AI platforms.',
+            mimeType: 'application/json',
+        },
+        {
+            uri: 'veto://project-map',
+            name: 'Project Map',
+            description: 'Stored project structure maps. Append ?dir=<absolute_path> to filter by project.',
+            mimeType: 'application/json',
+        },
+        {
+            uri: 'veto://memory',
+            name: 'Knowledge Base',
+            description: 'All stored knowledge entries. Append ?q=<query> to search.',
+            mimeType: 'application/json',
+        },
+        {
+            uri: 'veto://patterns',
+            name: 'Learned Patterns',
+            description: 'Coding patterns Veto has learned from your sessions.',
+            mimeType: 'application/json',
+        },
+    ],
+}));
+server.setRequestHandler(ReadResourceRequestSchema, async (request) => {
+    const uri = request.params.uri;
+    const url = new URL(uri);
+    if (url.host === 'sessions') {
+        const sessions = listSessions(50);
+        return {
+            contents: [{
+                    uri,
+                    mimeType: 'application/json',
+                    text: JSON.stringify(sessions.map(s => ({
+                        id: s.id, platform: s.platform, summary: s.summary,
+                        project_dir: s.project_dir, started_at: s.started_at,
+                    })), null, 2),
+                }],
+        };
+    }
+    if (url.host === 'project-map') {
+        const dir = url.searchParams.get('dir') ?? '';
+        if (dir) {
+            const row = getProjectMap(dir);
+            return {
+                contents: [{
+                        uri,
+                        mimeType: 'application/json',
+                        text: JSON.stringify(row ?? { found: false }, null, 2),
+                    }],
+            };
+        }
+        return { contents: [{ uri, mimeType: 'application/json', text: '{"message":"Append ?dir=<absolute_path> to get a specific project map."}' }] };
+    }
+    if (url.host === 'memory') {
+        const q = url.searchParams.get('q') ?? undefined;
+        const results = searchKnowledge({ query: q, limit: 20 });
+        return {
+            contents: [{
+                    uri,
+                    mimeType: 'application/json',
+                    text: JSON.stringify(results.map(r => ({
+                        id: r.id, type: r.type, title: r.title,
+                        content: r.content, tags: r.tags ? JSON.parse(r.tags) : [],
+                    })), null, 2),
+                }],
+        };
+    }
+    if (url.host === 'patterns') {
+        const patterns = getPatterns(undefined, 50);
+        return {
+            contents: [{
+                    uri,
+                    mimeType: 'application/json',
+                    text: JSON.stringify(patterns.map(p => ({
+                        key: p.pattern_key, val: p.pattern_val,
+                        confidence: p.confidence, seen_count: p.seen_count,
+                    })), null, 2),
+                }],
+        };
+    }
+    throw new Error(`Unknown resource: ${uri}`);
+});
+// ─── MCP Prompts ───────────────────────────────────────────────────────────────
+const PROMPTS = [
+    {
+        name: 'code-review',
+        description: 'Full code review prompt — paste code, get scored findings with severity and fixes.',
+        arguments: [
+            { name: 'code', description: 'The code to review.', required: true },
+            { name: 'focus', description: 'Optional focus area (e.g. security, performance, style).', required: false },
+        ],
+    },
+    {
+        name: 'security-audit',
+        description: 'OWASP Top 10 security audit — scans code for vulnerabilities with CWE references.',
+        arguments: [
+            { name: 'code', description: 'The code to audit.', required: true },
+            { name: 'language', description: 'Language or framework (e.g. TypeScript, Express).', required: false },
+        ],
+    },
+    {
+        name: 'deploy-checklist',
+        description: 'Pre-deploy checklist debate — council reviews your deployment plan.',
+        arguments: [
+            { name: 'plan', description: 'Your deployment plan or change description.', required: true },
+            { name: 'environment', description: 'Target environment (prod, staging, etc.).', required: false },
+        ],
+    },
+    {
+        name: 'explain-file',
+        description: 'Expert explanation of a file — routes to the best-fit agent based on file type.',
+        arguments: [
+            { name: 'file_path', description: 'Absolute path to the file to explain.', required: true },
+            { name: 'depth', description: 'Explanation depth: overview | detailed | line-by-line.', required: false },
+        ],
+    },
+];
+server.setRequestHandler(ListPromptsRequestSchema, async () => ({ prompts: PROMPTS }));
+server.setRequestHandler(GetPromptRequestSchema, async (request) => {
+    const { name, arguments: pArgs } = request.params;
+    if (name === 'code-review') {
+        const code = pArgs?.code ?? '<paste code here>';
+        const focus = pArgs?.focus ? ` Focus on: ${pArgs.focus}.` : '';
+        return {
+            description: PROMPTS[0].description,
+            messages: [{
+                    role: 'user',
+                    content: { type: 'text', text: `Use veto_code_review to review this code.${focus}\n\n\`\`\`\n${code}\n\`\`\`` },
+                }],
+        };
+    }
+    if (name === 'security-audit') {
+        const code = pArgs?.code ?? '<paste code here>';
+        const lang = pArgs?.language ? ` Language/framework: ${pArgs.language}.` : '';
+        return {
+            description: PROMPTS[1].description,
+            messages: [{
+                    role: 'user',
+                    content: { type: 'text', text: `Use veto_security_scan to audit this code for OWASP Top 10 vulnerabilities.${lang}\n\n\`\`\`\n${code}\n\`\`\`` },
+                }],
+        };
+    }
+    if (name === 'deploy-checklist') {
+        const plan = pArgs?.plan ?? '<describe your deployment plan>';
+        const env = pArgs?.environment ? ` Target environment: ${pArgs.environment}.` : '';
+        return {
+            description: PROMPTS[2].description,
+            messages: [{
+                    role: 'user',
+                    content: { type: 'text', text: `Use veto_council_debate to review this deployment plan before we ship.${env}\n\nPlan: ${plan}` },
+                }],
+        };
+    }
+    if (name === 'explain-file') {
+        const filePath = pArgs?.file_path ?? '<absolute file path>';
+        const depth = pArgs?.depth ?? 'overview';
+        return {
+            description: PROMPTS[3].description,
+            messages: [{
+                    role: 'user',
+                    content: { type: 'text', text: `Read the file at "${filePath}" and use veto_agent_plan with the most appropriate agent (frontend for .tsx/.vue, database for .sql, backend for services, coder for general) to give a ${depth}-level explanation of what it does, how it works, and any concerns.` },
+                }],
+        };
+    }
+    throw new Error(`Unknown prompt: ${name}`);
+});
 // ─── Start ─────────────────────────────────────────────────────────────────────
 async function main() {
+    const loadedPlugins = await loadPlugins();
+    if (loadedPlugins.length > 0) {
+        process.stderr.write(`[veto] Loaded ${loadedPlugins.length} plugin(s): ${loadedPlugins.join(', ')}\n`);
+    }
     const transport = new StdioServerTransport();
     await server.connect(transport);
-    // stderr so it doesn't pollute MCP stdio
     process.stderr.write(`Veto MCP server v${VERSION} running (stdio)\n`);
 }
 main().catch((err) => {