@martinloop/mcp 0.1.1 → 0.1.2

package/README.md

@@ -1,15 +1,24 @@
 # @martinloop/mcp
-
-Martin Loop's installable Model Context Protocol server.
-
-It exposes three MCP tools over stdio:
-
-- `martin_run`
-- `martin_inspect`
-- `martin_status`
-
-## Quickstart
-
+
+Governed MCP server for AI coding agents with hard budgets, verifier gates, policy checks, and inspectable run records.
+
+Martin Loop helps MCP hosts run AI coding work inside a bounded runtime instead of an open-ended retry loop. The standalone MCP package exposes three focused tools over stdio:
+
+- `martin_run`
+- `martin_inspect`
+- `martin_status`
+
+## What's new in 0.1.2
+
+- `martin_inspect` now reads both canonical `loop-record.json` runs and legacy `.jsonl` run-store files
+- `martin_status` now supports `file`, `loopId`, `runsDir`, and `latest` selectors in addition to inline `loopJson`
+- `martin_run` now persists loop records by default in the MCP path and preserves `allowedPaths`, `deniedPaths`, and resolved `repoRoot`
+- the packaged tarball now rebuilds vendored workspace dependencies before packing, so `npm` installs match current source instead of stale `dist/` output
+- the packaged artifact now rebuilds and vendors the Martin runtime dependencies needed by the standalone MCP server
+- release validation now includes both a packed-tarball smoke and a published-artifact smoke
+
+## Quickstart
+
 Run the packaged server directly:
 
 ```sh
@@ -26,34 +35,123 @@ claude mcp add --scope user martin-loop -- npx @martinloop/mcp
 claude mcp add --scope user martin-loop cmd /c "npx @martinloop/mcp"
 ```
 
-For clients that want explicit command/args:
+Generic stdio configuration for non-Claude clients:
+
+```json
+{
+  "type": "stdio",
+  "command": "npx",
+  "args": ["@martinloop/mcp"]
+}
+```
+
+## What the tools do
+
+- `martin_run`: runs a governed coding loop with budget caps, verifier commands, engine selection, path scoping, and persisted loop records
+- `martin_inspect`: reads Martin Loop run-store data from a canonical `loop-record.json`, a legacy `.jsonl` file, or a full runs directory
+- `martin_status`: evaluates remaining budget pressure and stop conditions from inline JSON, a saved loop record, a loop id, or the latest persisted run
+
+## Requirements
+
+- Node 20+
+- For live runs, either the `claude` CLI or the `codex` CLI must be on `PATH`
+- For dry-run and smoke-test flows, set `MARTIN_LIVE=false`
+
+Live `martin_run` delegates to the configured CLI adapter. If no supported CLI is installed, use the stub path for testing:
+
+```sh
+MARTIN_LIVE=false npx @martinloop/mcp
+```
+
+## Tool examples
+
+### `martin_run`
+
+Example request body:
+
+```json
+{
+  "objective": "Fix the auth regression and prove it with tests",
+  "engine": "codex",
+  "budgetUsd": 3,
+  "softLimitUsd": 2.25,
+  "maxIterations": 3,
+  "verificationPlan": ["pnpm test --filter auth"],
+  "workingDirectory": ".",
+  "allowedPaths": ["src/**", "tests/**"],
+  "deniedPaths": [".env*", "secrets/**"]
+}
+```
+
+### `martin_inspect`
+
+Inspect the default run store:
+
+```json
+{}
+```
+
+Inspect a legacy JSONL file directly:
+
+```json
+{
+  "file": "C:/Users/you/.martin/runs/workspace.jsonl"
+}
+```
+
+Inspect a canonical runs directory:
+
+```json
+{
+  "runsDir": "C:/Users/you/.martin/runs"
+}
+```
+
+### `martin_status`
+
+Status for the latest saved run:
+
+```json
+{
+  "latest": true
+}
+```
+
+Status for a specific persisted loop:
+
+```json
+{
+  "loopId": "loop-123",
+  "runsDir": "C:/Users/you/.martin/runs"
+}
+```
+
+## Official MCP Registry
+
+This package is prepared for the official MCP Registry metadata flow:
 
-- Command: `npx`
-- Args: `@martinloop/mcp`
-
-## Official MCP Registry
-
-This package is prepared for the official MCP Registry metadata flow:
-
 - npm package: `@martinloop/mcp`
-- registry server name: `io.github.keesan12/martin-loop`
-- manifest file: `packages/mcp/server.json`
-
-The official registry publish flow is separate from npm publication. After publishing the package to npm, run the publisher from `packages/mcp`:
-
-```sh
-mcp-publisher login github
-mcp-publisher publish
-```
-
-## Local Verification
-
-From the repository root:
-
-```sh
-pnpm --filter @martinloop/mcp build
+- registry server name: `io.github.keesan12/martin-loop`
+- manifest file: `packages/mcp/server.json`
+
+The official registry publish flow is separate from npm publication. After publishing the package to npm, run the publisher from `packages/mcp`:
+
+```sh
+mcp-publisher login github
+mcp-publisher publish
+```
+
+## Local verification
+
+From the repository root:
+
+```sh
+pnpm --filter @martinloop/mcp lint
 pnpm --filter @martinloop/mcp test
+pnpm --filter @martinloop/mcp build
 pnpm --filter @martinloop/mcp smoke:pack
-```
-
-`smoke:pack` packs the tarball, launches it through `npx`, performs the MCP handshake, lists tools, and verifies a `martin_status` call.
+pnpm --filter @martinloop/mcp smoke:published
+```
+
+- `smoke:pack` validates the local packed tarball before publish
+- `smoke:published` validates the npm-published artifact through `npm exec`

package/dist/server-validation.d.ts

@@ -0,0 +1,10 @@
+type ToolName = "martin_run" | "martin_inspect" | "martin_status";
+export declare function validateToolInput(name: ToolName, args: unknown): unknown;
+export declare function sanitizeToolErrorMessage(error: unknown): string;
+export declare function resolveSafeRepoRoot(repoRoot?: string, workspaceRoot?: string): string;
+export declare function resolveSafeRunsJsonPath(file: string, runsRoot?: string): string;
+export declare function resolveSafeRunsPath(file: string, runsRoot?: string): string;
+export declare function resolveSafeRunsRootPath(runsRoot?: string, fallbackRunsRoot?: string): string;
+export declare function resolveSafeLoopRecordPath(loopId: string, runsRoot?: string): string;
+export declare function normalizeSafePathPatterns(value: unknown, name: string): string[] | undefined;
+export {};

package/dist/server-validation.js

@@ -0,0 +1,234 @@
+import { extname, isAbsolute, relative, resolve } from "node:path";
+import { resolveRunsRoot } from "./vendor/core/index.js";
+export function validateToolInput(name, args) {
+    switch (name) {
+        case "martin_run":
+            return validateRunInput(args);
+        case "martin_inspect":
+            return validateInspectInput(args);
+        case "martin_status":
+            return validateStatusInput(args);
+        default:
+            throw new Error(`Unknown tool: ${name}`);
+    }
+}
+export function sanitizeToolErrorMessage(error) {
+    const message = error instanceof Error ? error.message : String(error);
+    return /([A-Za-z]:\\|\/|policy\.rego|policy\.wasm|\.pem|\.env)/u.test(message)
+        ? "Tool execution failed."
+        : message;
+}
+export function resolveSafeRepoRoot(repoRoot, workspaceRoot = process.env.MARTIN_MCP_WORKSPACE_ROOT ?? process.cwd()) {
+    const baseRoot = resolve(workspaceRoot);
+    const candidate = repoRoot ? resolve(baseRoot, repoRoot) : baseRoot;
+    assertPathWithinRoot(candidate, baseRoot, "workingDirectory");
+    return candidate;
+}
+export function resolveSafeRunsJsonPath(file, runsRoot = resolveRunsRoot(process.env)) {
+    const baseRoot = resolve(runsRoot);
+    const candidate = resolve(baseRoot, file);
+    assertPathWithinRoot(candidate, baseRoot, "file");
+    const extension = extname(candidate).toLowerCase();
+    if (extension !== ".json" && extension !== ".jsonl") {
+        throw new Error("Invalid file.");
+    }
+    return candidate;
+}
+export function resolveSafeRunsPath(file, runsRoot = resolveRunsRoot(process.env)) {
+    const baseRoot = resolve(runsRoot);
+    const candidate = resolve(baseRoot, file);
+    assertPathWithinRoot(candidate, baseRoot, "file");
+    const extension = extname(candidate).toLowerCase();
+    if (extension && extension !== ".json" && extension !== ".jsonl") {
+        throw new Error("Invalid file.");
+    }
+    return candidate;
+}
+export function resolveSafeRunsRootPath(runsRoot, fallbackRunsRoot = resolveRunsRoot(process.env)) {
+    const baseRoot = resolve(fallbackRunsRoot);
+    const candidate = runsRoot ? resolve(baseRoot, runsRoot) : baseRoot;
+    assertPathWithinRoot(candidate, baseRoot, "runsDir");
+    return candidate;
+}
+export function resolveSafeLoopRecordPath(loopId, runsRoot = resolveRunsRoot(process.env)) {
+    const normalizedLoopId = requireLoopId(loopId, "loopId");
+    return resolveSafeRunsJsonPath(`${normalizedLoopId}/loop-record.json`, runsRoot);
+}
+export function normalizeSafePathPatterns(value, name) {
+    const paths = optionalStringArray(value, name);
+    if (!paths) {
+        return undefined;
+    }
+    return paths.map((pattern) => {
+        const normalized = pattern.replace(/\\/gu, "/").trim();
+        if (normalized.length === 0 ||
+            normalized.startsWith("/") ||
+            /^[A-Za-z]:\//u.test(normalized) ||
+            normalized.split("/").includes("..")) {
+            throw new Error(`Invalid ${name}.`);
+        }
+        return normalized;
+    });
+}
+function validateRunInput(args) {
+    const record = requireObject(args);
+    assertAllowedKeys(record, [
+        "objective",
+        "workingDirectory",
+        "engine",
+        "model",
+        "maxUsd",
+        "maxIterations",
+        "maxTokens",
+        "verificationPlan",
+        "allowedPaths",
+        "deniedPaths",
+        "workspaceId",
+        "projectId"
+    ]);
+    const engine = optionalEnum(record.engine, "engine", ["claude", "codex"]);
+    return {
+        objective: requireString(record.objective, "objective"),
+        ...(record.workingDirectory !== undefined
+            ? { workingDirectory: resolveSafeRepoRoot(requireString(record.workingDirectory, "workingDirectory")) }
+            : {}),
+        ...(engine ? { engine } : {}),
+        ...optionalString(record.model, "model"),
+        ...optionalPositiveNumber(record.maxUsd, "maxUsd"),
+        ...optionalPositiveInteger(record.maxIterations, "maxIterations"),
+        ...optionalPositiveInteger(record.maxTokens, "maxTokens"),
+        ...optionalStringArrayAsObject(record.verificationPlan, "verificationPlan"),
+        ...optionalPathPatternArrayAsObject(record.allowedPaths, "allowedPaths"),
+        ...optionalPathPatternArrayAsObject(record.deniedPaths, "deniedPaths"),
+        ...optionalString(record.workspaceId, "workspaceId"),
+        ...optionalString(record.projectId, "projectId")
+    };
+}
+function validateInspectInput(args) {
+    const record = requireObject(args);
+    assertAllowedKeys(record, ["file", "runsDir"]);
+    return {
+        ...(record.file !== undefined
+            ? { file: resolveSafeRunsPath(requireString(record.file, "file")) }
+            : {}),
+        ...(record.runsDir !== undefined
+            ? { runsDir: resolveSafeRunsRootPath(requireString(record.runsDir, "runsDir")) }
+            : {})
+    };
+}
+function validateStatusInput(args) {
+    const record = requireObject(args);
+    assertAllowedKeys(record, ["loopJson", "file", "loopId", "runsDir", "latest"]);
+    const selectors = [
+        record.loopJson !== undefined ? "loopJson" : null,
+        record.file !== undefined ? "file" : null,
+        record.loopId !== undefined ? "loopId" : null,
+        record.latest !== undefined ? "latest" : null
+    ].filter((value) => value !== null);
+    if (selectors.length !== 1) {
+        throw new Error("Provide exactly one of loopJson, file, loopId, or latest.");
+    }
+    if (record.latest !== undefined && record.latest !== true) {
+        throw new Error("Invalid latest.");
+    }
+    return {
+        ...(record.loopJson !== undefined
+            ? { loopJson: requireString(record.loopJson, "loopJson") }
+            : {}),
+        ...(record.file !== undefined
+            ? { file: resolveSafeRunsPath(requireString(record.file, "file")) }
+            : {}),
+        ...(record.loopId !== undefined
+            ? { loopId: requireLoopId(record.loopId, "loopId") }
+            : {}),
+        ...(record.runsDir !== undefined
+            ? { runsDir: resolveSafeRunsRootPath(requireString(record.runsDir, "runsDir")) }
+            : {}),
+        ...(record.latest === true ? { latest: true } : {})
+    };
+}
+function requireObject(value) {
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+        throw new Error("Tool arguments must be an object.");
+    }
+    return value;
+}
+function assertAllowedKeys(record, allowed) {
+    const unknownKeys = Object.keys(record).filter((key) => !allowed.includes(key));
+    if (unknownKeys.length > 0) {
+        throw new Error(`Unknown arguments: ${unknownKeys.join(", ")}`);
+    }
+}
+function assertPathWithinRoot(candidatePath, rootPath, name) {
+    const relativePath = relative(rootPath, candidatePath);
+    if (relativePath === "" || relativePath === ".") {
+        return;
+    }
+    if (relativePath.startsWith("..") || isAbsolute(relativePath)) {
+        throw new Error(`Invalid ${name}.`);
+    }
+}
+function requireString(value, name) {
+    if (typeof value !== "string" || value.trim().length === 0) {
+        throw new Error(`Invalid ${name}.`);
+    }
+    return value.trim();
+}
+function requireLoopId(value, name) {
+    const loopId = requireString(value, name);
+    if (!/^[A-Za-z0-9._-]+$/u.test(loopId)) {
+        throw new Error(`Invalid ${name}.`);
+    }
+    return loopId;
+}
+function optionalString(value, name) {
+    if (value === undefined) {
+        return {};
+    }
+    return { [name]: requireString(value, name) };
+}
+function optionalPositiveNumber(value, name) {
+    if (value === undefined) {
+        return {};
+    }
+    if (typeof value !== "number" || !Number.isFinite(value) || value <= 0) {
+        throw new Error(`Invalid ${name}.`);
+    }
+    return { [name]: value };
+}
+function optionalPositiveInteger(value, name) {
+    if (value === undefined) {
+        return {};
+    }
+    if (typeof value !== "number" || !Number.isInteger(value) || value <= 0) {
+        throw new Error(`Invalid ${name}.`);
+    }
+    return { [name]: value };
+}
+function optionalStringArray(value, name) {
+    if (value === undefined) {
+        return undefined;
+    }
+    if (!Array.isArray(value)) {
+        throw new Error(`Invalid ${name}.`);
+    }
+    return value.map((item) => requireString(item, name));
+}
+function optionalStringArrayAsObject(value, name) {
+    const values = optionalStringArray(value, name);
+    return values ? { [name]: values } : {};
+}
+function optionalPathPatternArrayAsObject(value, name) {
+    const values = normalizeSafePathPatterns(value, name);
+    return values ? { [name]: values } : {};
+}
+function optionalEnum(value, name, allowed) {
+    if (value === undefined) {
+        return undefined;
+    }
+    if (typeof value !== "string" || !allowed.includes(value)) {
+        throw new Error(`Invalid ${name}.`);
+    }
+    return value;
+}
+//# sourceMappingURL=server-validation.js.map

package/dist/server.js

@@ -23,7 +23,8 @@ import { CallToolRequestSchema, ListToolsRequestSchema } from "@modelcontextprot
 import { getStatusTool } from "./tools/get-status.js";
 import { inspectLoopTool } from "./tools/inspect-loop.js";
 import { runLoopTool } from "./tools/run-loop.js";
-const server = new Server({ name: "martin-loop", version: "0.1.1" }, { capabilities: { tools: {} } });
+import { sanitizeToolErrorMessage, validateToolInput } from "./server-validation.js";
+const server = new Server({ name: "martin-loop", version: "0.1.2" }, { capabilities: { tools: {} } });
 // ---------------------------------------------------------------------------
 // Tool manifest
 // ---------------------------------------------------------------------------
@@ -69,6 +70,16 @@ server.setRequestHandler(ListToolsRequestSchema, () => ({
                         items: { type: "string" },
                         description: "Shell commands that must all exit 0 for the task to be considered complete (e.g. ['pnpm test', 'pnpm build'])."
                     },
+                    allowedPaths: {
+                        type: "array",
+                        items: { type: "string" },
+                        description: "Relative path globs Martin may modify, such as ['src/**', 'tests/**']."
+                    },
+                    deniedPaths: {
+                        type: "array",
+                        items: { type: "string" },
+                        description: "Relative path globs Martin must never modify, such as ['.env', 'docs/security/**']."
+                    },
                     workspaceId: {
                         type: "string",
                         description: "Workspace identifier for telemetry. Defaults to 'ws_mcp'."
@@ -83,30 +94,48 @@ server.setRequestHandler(ListToolsRequestSchema, () => ({
         },
         {
             name: "martin_inspect",
-            description: "Summarise a saved Martin loop record file. Reads a JSON file containing one or more LoopRecords and returns portfolio-level statistics: total spend, avoided spend, token counts, and loop counts.",
+            description: "Summarise Martin Loop run records from a saved loop file or run-store directory. Supports canonical loop-record.json files, legacy JSONL files, and full runs directories.",
             inputSchema: {
                 type: "object",
                 properties: {
                     file: {
                         type: "string",
-                        description: "Absolute or relative path to a LoopRecord JSON file."
+                        description: "Optional path under the Martin runs root to a loop-record.json file, a legacy .jsonl file, or a run-store directory."
+                    },
+                    runsDir: {
+                        type: "string",
+                        description: "Optional Martin runs directory. Defaults to MARTIN_RUNS_DIR or ~/.martin/runs."
                     }
-                },
-                required: ["file"]
+                }
             }
         },
         {
             name: "martin_status",
-            description: "Return the current budget and cost state of a Martin loop record. Useful for monitoring in-progress or completed loops.",
+            description: "Return the current budget and cost state of a Martin loop record. Accepts inline JSON, a saved loop file, a loopId under the run store, or the latest run in the store.",
             inputSchema: {
                 type: "object",
                 properties: {
                     loopJson: {
                         type: "string",
                         description: "JSON-serialized LoopRecord."
+                    },
+                    file: {
+                        type: "string",
+                        description: "Optional path under the Martin runs root to a loop-record.json file, a legacy .jsonl file, or a run-store directory."
+                    },
+                    loopId: {
+                        type: "string",
+                        description: "Optional Martin loop ID. Loads <runsDir>/<loopId>/loop-record.json."
+                    },
+                    runsDir: {
+                        type: "string",
+                        description: "Optional Martin runs directory. Defaults to MARTIN_RUNS_DIR or ~/.martin/runs."
+                    },
+                    latest: {
+                        type: "boolean",
+                        description: "When true, loads the most recently updated loop record in the runs directory."
                     }
-                },
-                required: ["loopJson"]
+                }
             }
         }
     ]
@@ -118,18 +147,18 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
     const { name, arguments: args } = request.params;
     try {
         if (name === "martin_run") {
-            const input = args;
+            const input = validateToolInput("martin_run", args);
             const output = await runLoopTool(input);
             return { content: [{ type: "text", text: JSON.stringify(output, null, 2) }] };
         }
         if (name === "martin_inspect") {
-            const input = args;
+            const input = validateToolInput("martin_inspect", args);
             const output = await inspectLoopTool(input);
             return { content: [{ type: "text", text: JSON.stringify(output, null, 2) }] };
         }
         if (name === "martin_status") {
-            const input = args;
-            const output = getStatusTool(input);
+            const input = validateToolInput("martin_status", args);
+            const output = await getStatusTool(input);
             return { content: [{ type: "text", text: JSON.stringify(output, null, 2) }] };
         }
         return {
@@ -138,7 +167,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
         };
     }
     catch (error) {
-        const message = error instanceof Error ? error.message : String(error);
+        const message = sanitizeToolErrorMessage(error);
         return {
             content: [{ type: "text", text: `Tool error: ${message}` }],
             isError: true

package/dist/tools/get-status.d.ts

@@ -1,6 +1,14 @@
 export interface GetStatusInput {
     /** JSON-serialized LoopRecord. */
-    loopJson: string;
+    loopJson?: string;
+    /** Optional path to a JSON, JSONL, or run-store directory under the Martin runs root. */
+    file?: string;
+    /** Optional loop identifier under the Martin runs root. */
+    loopId?: string;
+    /** Optional Martin runs directory. Defaults to MARTIN_RUNS_DIR or ~/.martin/runs. */
+    runsDir?: string;
+    /** Load the newest loop record from the runs directory. */
+    latest?: boolean;
 }
 export interface GetStatusOutput {
     loopId: string;
@@ -15,4 +23,4 @@ export interface GetStatusOutput {
     remainingIterations: number;
     remainingTokens: number;
 }
-export declare function getStatusTool(input: GetStatusInput): GetStatusOutput;
+export declare function getStatusTool(input: GetStatusInput): Promise<GetStatusOutput>;

package/dist/tools/get-status.js

@@ -1,9 +1,16 @@
 import { evaluateCostGovernor } from "../vendor/core/index.js";
-export function getStatusTool(input) {
-    const loop = JSON.parse(input.loopJson);
+import { loadLoopRecordForStatus } from "./run-store.js";
+export async function getStatusTool(input) {
+    const resolved = await loadLoopRecordForStatus(input);
+    const loop = resolved.loop;
     const costState = evaluateCostGovernor({
         budget: loop.budget,
-        cost: loop.cost,
+        cost: {
+            actualUsd: loop.cost.actualUsd,
+            avoidedUsd: loop.cost.avoidedUsd ?? 0,
+            tokensIn: loop.cost.tokensIn,
+            tokensOut: loop.cost.tokensOut
+        },
         attemptsUsed: loop.attempts.length
     });
     return {
@@ -12,7 +19,7 @@ export function getStatusTool(input) {
         lifecycleState: loop.lifecycleState,
         attempts: loop.attempts.length,
         costUsd: loop.cost.actualUsd,
-        avoidedUsd: loop.cost.avoidedUsd,
+        avoidedUsd: loop.cost.avoidedUsd ?? 0,
         pressure: costState.pressure,
         shouldStop: costState.shouldStop,
         remainingBudgetUsd: costState.remainingBudgetUsd,

package/dist/tools/inspect-loop.d.ts

@@ -1,7 +1,9 @@
 import { type PortfolioSnapshot } from "../vendor/contracts/index.js";
 export interface InspectLoopInput {
-    /** Absolute or relative path to a JSON file containing a LoopRecord or LoopRecord[]. */
-    file: string;
+    /** Optional path to a JSON, JSONL, or run-store directory under the Martin runs root. */
+    file?: string;
+    /** Optional Martin runs directory. Defaults to MARTIN_RUNS_DIR or ~/.martin/runs. */
+    runsDir?: string;
 }
 export interface InspectLoopOutput {
     source: string;

package/dist/tools/inspect-loop.js

@@ -1,13 +1,10 @@
-import { readFile } from "node:fs/promises";
 import { buildPortfolioSnapshot } from "../vendor/contracts/index.js";
+import { loadLoopRecordsForInspect } from "./run-store.js";
 export async function inspectLoopTool(input) {
-    const raw = await readFile(input.file, "utf8");
-    const parsed = JSON.parse(raw);
-    const loops = Array.isArray(parsed)
-        ? parsed
-        : [parsed];
+    const inspection = await loadLoopRecordsForInspect(input);
+    const loops = inspection.loops;
     return {
-        source: input.file,
+        source: inspection.source,
         loopCount: loops.length,
         portfolio: buildPortfolioSnapshot(loops)
     };

package/dist/tools/run-loop.d.ts

@@ -7,6 +7,8 @@ export interface RunLoopInput {
     maxIterations?: number;
     maxTokens?: number;
     verificationPlan?: string[];
+    allowedPaths?: string[];
+    deniedPaths?: string[];
     workspaceId?: string;
     projectId?: string;
 }

package/dist/tools/run-loop.js

@@ -1,10 +1,13 @@
 import { createClaudeCliAdapter, createCodexCliAdapter, createStubDirectProviderAdapter } from "../vendor/adapters/index.js";
-import { runMartin } from "../vendor/core/index.js";
+import { createFileRunStore, resolveRunsRoot, runMartin } from "../vendor/core/index.js";
 import { DEFAULT_BUDGET } from "../vendor/contracts/index.js";
+import { normalizeSafePathPatterns, resolveSafeRepoRoot } from "../server-validation.js";
 export async function runLoopTool(input) {
-    const workingDirectory = input.workingDirectory ?? process.cwd();
+    const workingDirectory = resolveSafeRepoRoot(input.workingDirectory);
     const engine = input.engine ?? "claude";
     const model = input.model;
+    const allowedPaths = normalizeSafePathPatterns(input.allowedPaths, "allowedPaths");
+    const deniedPaths = normalizeSafePathPatterns(input.deniedPaths, "deniedPaths");
     const adapter = process.env.MARTIN_LIVE === "false"
         ? createStubDirectProviderAdapter({ label: "Stub adapter (MARTIN_LIVE=false)", providerId: "stub", model: "stub" })
         : engine === "codex"
@@ -27,10 +30,14 @@ export async function runLoopTool(input) {
     const result = await runMartin({
         workspaceId: input.workspaceId ?? "ws_mcp",
         projectId: input.projectId ?? "proj_mcp",
+        store: createFileRunStore({ runsRoot: resolveRunsRoot(process.env) }),
         task: {
             title: input.objective.slice(0, 100),
             objective: input.objective,
-            verificationPlan: input.verificationPlan ?? []
+            verificationPlan: input.verificationPlan ?? [],
+            repoRoot: workingDirectory,
+            ...(allowedPaths ? { allowedPaths } : {}),
+            ...(deniedPaths ? { deniedPaths } : {})
         },
         budget,
         adapter