@martinloop/mcp 0.2.5 → 0.3.0

package/dist/resources.js

@@ -3,6 +3,8 @@ import { MARTIN_MCP_PACKAGE_VERSION } from "./package-version.js";
 import { inspectLoopTool } from "./tools/inspect-loop.js";
 import { martinDoctorTool } from "./tools/doctor.js";
 import { martinTriageRunsTool } from "./tools/triage-runs.js";
+import { martinRunDossierTool } from "./tools/run-dossier.js";
+import { inspectRepoSignals, buildPolicyPackDefinition, buildRepoRiskMap } from "./tools/workflow-governance.js";
 import { buildAttemptSnapshot, buildPersistedLoopPreview, buildVerificationHistorySnapshot, parseAttemptIndex, resolveMartinDiscoveryContext, toPrettyJson } from "./discovery-support.js";
 import { loadDetailedLoopRecord, readLedgerEvents } from "./tools/run-store.js";
 import { invalidArgumentsError, MartinToolError } from "./tools/tool-errors.js";
@@ -10,13 +12,21 @@ export const MARTIN_STATIC_RESOURCE_URIS = {
     serverHealth: "martin://server/health",
     recentRuns: "martin://runs/recent",
     triage: "martin://runs/triage",
+    latestRun: "martin://runs/latest",
     latestSummary: "martin://runs/latest/summary",
     latestProofCard: "martin://runs/latest/proof-card",
     latestBudgetStatus: "martin://runs/latest/budget-status",
     latestVerifierEvidence: "martin://runs/latest/verifier-evidence",
     latestRollbackEvidence: "martin://runs/latest/rollback-evidence",
+    currentPolicies: "martin://policies/current",
+    repoRiskMap: "martin://repo/risk-map",
+    verifierResults: "martin://verifiers/results",
     agentNextStep: "martin://agent/next-step",
     mcpUsageGuide: "martin://guides/mcp-usage",
+    agentStartGuide: "martin://guides/agent-start",
+    commandMapGuide: "martin://guides/command-map",
+    ideOnboardingGuide: "martin://guides/ide-onboarding",
+    operatingRulesGuide: "martin://guides/operating-rules",
     publishReadinessGuide: "martin://guides/publish-readiness"
 };
 export const MARTIN_RESOURCE_TEMPLATES = [
@@ -26,6 +36,12 @@ export const MARTIN_RESOURCE_TEMPLATES = [
         uriTemplate: "martin://runs/{loopId}",
         description: "Read a canonical Martin loop record using the same selector path as martin_status."
     },
+    {
+        name: "martin_run_dossier_resource",
+        title: "Martin Run Dossier",
+        uriTemplate: "martin://runs/{loopId}/dossier",
+        description: "Read the dossier-shaped summary for a persisted Martin loop."
+    },
     {
         name: "martin_run_attempt",
         title: "Martin Run Attempt",
@@ -61,6 +77,13 @@ export const MARTIN_STATIC_RESOURCES = [
         description: "Priority-ranked Martin runs that likely need attention.",
         mimeType: "application/json"
     },
+    {
+        uri: MARTIN_STATIC_RESOURCE_URIS.latestRun,
+        name: "martin_latest_run",
+        title: "Martin Latest Run",
+        description: "Full latest-run dossier surface for agents that need more than the compact summary.",
+        mimeType: "application/json"
+    },
     {
         uri: MARTIN_STATIC_RESOURCE_URIS.latestSummary,
         name: "martin_latest_summary",
@@ -96,6 +119,27 @@ export const MARTIN_STATIC_RESOURCES = [
         description: "Compact rollback and artifact evidence for the latest run.",
         mimeType: "application/json"
     },
+    {
+        uri: MARTIN_STATIC_RESOURCE_URIS.currentPolicies,
+        name: "martin_current_policies",
+        title: "Martin Current Policies",
+        description: "Local policy-pack presets and the recommended default pack for the current repo.",
+        mimeType: "application/json"
+    },
+    {
+        uri: MARTIN_STATIC_RESOURCE_URIS.repoRiskMap,
+        name: "martin_repo_risk_map",
+        title: "Martin Repo Risk Map",
+        description: "Sensitive repo surfaces and the recommended policy pack for this workspace.",
+        mimeType: "application/json"
+    },
+    {
+        uri: MARTIN_STATIC_RESOURCE_URIS.verifierResults,
+        name: "martin_latest_verifier_results",
+        title: "Martin Latest Verifier Results",
+        description: "Latest verifier results alias for compact run evidence.",
+        mimeType: "application/json"
+    },
     {
         uri: MARTIN_STATIC_RESOURCE_URIS.agentNextStep,
         name: "martin_agent_next_step",
@@ -110,6 +154,34 @@ export const MARTIN_STATIC_RESOURCES = [
         description: "Recommended workflow for using Martin Loop over MCP.",
         mimeType: "text/markdown"
     },
+    {
+        uri: MARTIN_STATIC_RESOURCE_URIS.agentStartGuide,
+        name: "martin_agent_start_guide",
+        title: "Martin Agent Start Guide",
+        description: "Short agent-facing guide for using Martin with minimal context and low tool bloat.",
+        mimeType: "text/markdown"
+    },
+    {
+        uri: MARTIN_STATIC_RESOURCE_URIS.commandMapGuide,
+        name: "martin_command_map_guide",
+        title: "Martin Command Map Guide",
+        description: "Command-by-command guide for choosing the right Martin tool or surface.",
+        mimeType: "text/markdown"
+    },
+    {
+        uri: MARTIN_STATIC_RESOURCE_URIS.ideOnboardingGuide,
+        name: "martin_ide_onboarding_guide",
+        title: "Martin IDE Onboarding Guide",
+        description: "IDE-facing setup guide for making MartinLoop part of the default MCP workflow.",
+        mimeType: "text/markdown"
+    },
+    {
+        uri: MARTIN_STATIC_RESOURCE_URIS.operatingRulesGuide,
+        name: "martin_operating_rules_guide",
+        title: "Martin Operating Rules",
+        description: "Built-in operating rules that tell agents when Martin commands must be used before work proceeds.",
+        mimeType: "text/markdown"
+    },
     {
         uri: MARTIN_STATIC_RESOURCE_URIS.publishReadinessGuide,
         name: "martin_publish_readiness_guide",
@@ -147,6 +219,8 @@ export async function readMartinResource(input) {
             const triage = await martinTriageRunsTool({ runsDir: context.runsRoot });
             return jsonResource(input.uri, withDiscoveryMetadata(triage, context.runsRoot));
         }
+        case MARTIN_STATIC_RESOURCE_URIS.latestRun:
+            return jsonResource(input.uri, withDiscoveryMetadata(await martinRunDossierTool({ latest: true, runsDir: context.runsRoot }), context.runsRoot));
         case MARTIN_STATIC_RESOURCE_URIS.latestSummary:
             return jsonResource(input.uri, withDiscoveryMetadata(await buildLatestSummaryResource(context.runsRoot), context.runsRoot));
         case MARTIN_STATIC_RESOURCE_URIS.latestProofCard:
@@ -157,10 +231,24 @@ export async function readMartinResource(input) {
             return jsonResource(input.uri, withDiscoveryMetadata(await buildLatestVerifierEvidenceResource(context.runsRoot), context.runsRoot));
         case MARTIN_STATIC_RESOURCE_URIS.latestRollbackEvidence:
             return jsonResource(input.uri, withDiscoveryMetadata(await buildLatestRollbackEvidenceResource(context.runsRoot), context.runsRoot));
+        case MARTIN_STATIC_RESOURCE_URIS.currentPolicies:
+            return jsonResource(input.uri, withDiscoveryMetadata(buildCurrentPoliciesResource(context.workingDirectory), context.runsRoot));
+        case MARTIN_STATIC_RESOURCE_URIS.repoRiskMap:
+            return jsonResource(input.uri, withDiscoveryMetadata(buildRepoRiskMap(inspectRepoSignals(context.workingDirectory)), context.runsRoot));
+        case MARTIN_STATIC_RESOURCE_URIS.verifierResults:
+            return jsonResource(input.uri, withDiscoveryMetadata(await buildLatestVerifierEvidenceResource(context.runsRoot), context.runsRoot));
         case MARTIN_STATIC_RESOURCE_URIS.agentNextStep:
             return jsonResource(input.uri, withDiscoveryMetadata(await buildAgentNextStepResource(context.runsRoot), context.runsRoot));
         case MARTIN_STATIC_RESOURCE_URIS.mcpUsageGuide:
             return textResource(input.uri, "text/markdown", buildMcpUsageGuide(context.runsRoot));
+        case MARTIN_STATIC_RESOURCE_URIS.agentStartGuide:
+            return textResource(input.uri, "text/markdown", buildAgentStartGuide(context.runsRoot));
+        case MARTIN_STATIC_RESOURCE_URIS.commandMapGuide:
+            return textResource(input.uri, "text/markdown", buildCommandMapGuide(context.runsRoot));
+        case MARTIN_STATIC_RESOURCE_URIS.ideOnboardingGuide:
+            return textResource(input.uri, "text/markdown", buildIdeOnboardingGuide(context.runsRoot));
+        case MARTIN_STATIC_RESOURCE_URIS.operatingRulesGuide:
+            return textResource(input.uri, "text/markdown", buildOperatingRulesGuide(context.runsRoot));
         case MARTIN_STATIC_RESOURCE_URIS.publishReadinessGuide:
             return textResource(input.uri, "text/markdown", buildPublishReadinessGuide(context.runsRoot));
         default:
@@ -203,6 +291,12 @@ async function readDynamicMartinResource(input) {
             warnings: [...detail.warnings, ...verification.warnings]
         }, input.runsDir));
     }
+    const dossierMatch = /^martin:\/\/runs\/([^/]+)\/dossier$/u.exec(input.uri);
+    if (dossierMatch?.[1]) {
+        const loopId = decodeURIComponent(dossierMatch[1]);
+        const dossier = await martinRunDossierTool({ loopId, runsDir: input.runsDir });
+        return jsonResource(input.uri, withDiscoveryMetadata(dossier, input.runsDir));
+    }
     const attemptMatch = /^martin:\/\/runs\/([^/]+)\/attempts\/([^/]+)$/u.exec(input.uri);
     if (attemptMatch?.[1] && attemptMatch[2]) {
         const loopId = decodeURIComponent(attemptMatch[1]);
@@ -244,7 +338,7 @@ async function loadLatestRunForCompactResource(runsRoot) {
                 empty: true,
                 warnings: [
                     "No Martin run records were found yet.",
-                    "Run `npx martin-loop demo`, then run a governed task or set MARTIN_LIVE=false for a no-spend local proof run."
+                    "Run `npx martin-loop demo`, then run `npx martin-loop run ... --proof --verify <command>` for a no-spend local proof pass."
                 ]
             };
         }
@@ -254,7 +348,7 @@ async function loadLatestRunForCompactResource(runsRoot) {
 async function buildLatestSummaryResource(runsRoot) {
     const latest = await loadLatestRunForCompactResource(runsRoot);
     if (latest.empty || !latest.detail) {
-        return compactEmptyState("latest-summary", latest.warnings);
+        return compactEmptyState("latest-summary", runsRoot, latest.warnings);
     }
     const ledgerEvents = await readLedgerEvents(latest.detail);
     const loop = latest.detail.loop;
@@ -294,7 +388,7 @@ async function buildLatestSummaryResource(runsRoot) {
 async function buildLatestBudgetStatusResource(runsRoot) {
     const latest = await loadLatestRunForCompactResource(runsRoot);
     if (latest.empty || !latest.detail) {
-        return compactEmptyState("budget-status", latest.warnings);
+        return compactEmptyState("budget-status", runsRoot, latest.warnings);
     }
     const loop = latest.detail.loop;
     const preview = buildPersistedLoopPreview(loop);
@@ -325,7 +419,7 @@ async function buildLatestBudgetStatusResource(runsRoot) {
 async function buildLatestVerifierEvidenceResource(runsRoot) {
     const latest = await loadLatestRunForCompactResource(runsRoot);
     if (latest.empty || !latest.detail) {
-        return compactEmptyState("verifier-evidence", latest.warnings);
+        return compactEmptyState("verifier-evidence", runsRoot, latest.warnings);
     }
     const ledgerEvents = await readLedgerEvents(latest.detail);
     const loop = latest.detail.loop;
@@ -348,7 +442,7 @@ async function buildLatestVerifierEvidenceResource(runsRoot) {
 async function buildLatestRollbackEvidenceResource(runsRoot) {
     const latest = await loadLatestRunForCompactResource(runsRoot);
     if (latest.empty || !latest.detail) {
-        return compactEmptyState("rollback-evidence", latest.warnings);
+        return compactEmptyState("rollback-evidence", runsRoot, latest.warnings);
     }
     const loop = latest.detail.loop;
     const artifacts = loop.artifacts ?? [];
@@ -374,7 +468,7 @@ async function buildAgentNextStepResource(runsRoot) {
     const latest = await loadLatestRunForCompactResource(runsRoot);
     if (latest.empty || !latest.detail) {
         return {
-            ...compactEmptyState("agent-next-step", latest.warnings),
+            ...compactEmptyState("agent-next-step", runsRoot, latest.warnings),
             nextTool: "martin_doctor",
             reason: "No run store evidence exists yet; confirm environment and run-store visibility first."
         };
@@ -398,8 +492,17 @@ async function buildAgentNextStepResource(runsRoot) {
                     ? "failed"
                     : "unavailable"
         },
+        requiredWorkflow: [
+            "martin_doctor",
+            "martin_plan",
+            "martin_preflight",
+            "martin_run",
+            "martin_dossier",
+            "martin_eval"
+        ],
         preferredResource: MARTIN_STATIC_RESOURCE_URIS.latestSummary,
-        proofCard: MARTIN_STATIC_RESOURCE_URIS.latestProofCard
+        proofCard: MARTIN_STATIC_RESOURCE_URIS.latestProofCard,
+        operatingRules: MARTIN_STATIC_RESOURCE_URIS.operatingRulesGuide
     };
 }
 async function buildLatestProofCardResource(runsRoot) {
@@ -452,15 +555,30 @@ async function buildLatestProofCardResource(runsRoot) {
         ""
     ].join("\n");
 }
-function compactEmptyState(kind, warnings) {
+function compactEmptyState(kind, runsRoot, warnings) {
     return {
         kind,
         status: "empty",
+        runsRoot,
         summary: "No Martin run records are available yet.",
-        nextStep: "Run `martin doctor`, create the demo workspace with `npx martin-loop demo`, then run a no-spend stub task with MARTIN_LIVE=false.",
+        nextStep: "Run `npx martin-loop doctor`, create the demo workspace with `npx martin-loop demo`, then run `npx martin-loop run ... --proof --verify <command>`.",
         warnings
     };
 }
+function buildCurrentPoliciesResource(workingDirectory) {
+    const signals = inspectRepoSignals(workingDirectory);
+    const recommended = buildPolicyPackDefinition(undefined, signals);
+    return {
+        recommended: recommended.name,
+        packs: [
+            buildPolicyPackDefinition("solo-founder", signals),
+            buildPolicyPackDefinition("startup-team", signals),
+            buildPolicyPackDefinition("enterprise-strict", signals),
+            buildPolicyPackDefinition("oss-maintainer", signals),
+            buildPolicyPackDefinition("security-sensitive", signals)
+        ]
+    };
+}
 function describePrevention(loop) {
     const prevented = [];
     const latestAttempt = loop.attempts.at(-1);
@@ -506,13 +624,13 @@ function inferAgentNextStep(loop, verification) {
         instruction: "Call `martin_preflight` with explicit verifier, budget, and path scope before the next run."
     };
 }
-function buildMcpUsageGuide(_runsRoot) {
+function buildMcpUsageGuide(runsRoot) {
     const metadata = buildMartinDiscoveryMetadata(MARTIN_MCP_PACKAGE_VERSION);
     return `# Martin Loop MCP Usage
 
 Discovery revision: \`${metadata.discoveryRevision}\`
 Server version: \`${metadata.serverVersion}\`
-Runs root: inspect \`${MARTIN_STATIC_RESOURCE_URIS.serverHealth}\` when you need the active local path.
+Runs root: \`${runsRoot}\`
 
 Martin Loop exposes governed coding workflows over MCP. Use the server health and run-store views to decide when to preflight, execute, inspect, or escalate.
 
@@ -529,7 +647,7 @@ Martin Loop exposes governed coding workflows over MCP. Use the server health an
 ## Current Martin MCP Surface
 
 - Tools: \`martin_run\`, \`martin_inspect\`, \`martin_status\`, \`martin_doctor\`, \`martin_preflight\`, \`martin_list_runs\`, \`martin_triage_runs\`, \`martin_get_run\`, \`martin_get_attempt\`, \`martin_get_verification_results\`, \`martin_run_dossier\`
-- Static resources: \`${MARTIN_STATIC_RESOURCE_URIS.serverHealth}\`, \`${MARTIN_STATIC_RESOURCE_URIS.recentRuns}\`, \`${MARTIN_STATIC_RESOURCE_URIS.triage}\`, \`${MARTIN_STATIC_RESOURCE_URIS.latestSummary}\`, \`${MARTIN_STATIC_RESOURCE_URIS.latestProofCard}\`, \`${MARTIN_STATIC_RESOURCE_URIS.latestBudgetStatus}\`, \`${MARTIN_STATIC_RESOURCE_URIS.latestVerifierEvidence}\`, \`${MARTIN_STATIC_RESOURCE_URIS.latestRollbackEvidence}\`, \`${MARTIN_STATIC_RESOURCE_URIS.agentNextStep}\`, \`${MARTIN_STATIC_RESOURCE_URIS.mcpUsageGuide}\`, \`${MARTIN_STATIC_RESOURCE_URIS.publishReadinessGuide}\`
+- Static resources: \`${MARTIN_STATIC_RESOURCE_URIS.serverHealth}\`, \`${MARTIN_STATIC_RESOURCE_URIS.recentRuns}\`, \`${MARTIN_STATIC_RESOURCE_URIS.triage}\`, \`${MARTIN_STATIC_RESOURCE_URIS.latestSummary}\`, \`${MARTIN_STATIC_RESOURCE_URIS.latestProofCard}\`, \`${MARTIN_STATIC_RESOURCE_URIS.latestBudgetStatus}\`, \`${MARTIN_STATIC_RESOURCE_URIS.latestVerifierEvidence}\`, \`${MARTIN_STATIC_RESOURCE_URIS.latestRollbackEvidence}\`, \`${MARTIN_STATIC_RESOURCE_URIS.agentNextStep}\`, \`${MARTIN_STATIC_RESOURCE_URIS.mcpUsageGuide}\`, \`${MARTIN_STATIC_RESOURCE_URIS.agentStartGuide}\`, \`${MARTIN_STATIC_RESOURCE_URIS.publishReadinessGuide}\`
 - Resource templates: \`martin://runs/{loopId}\`, \`martin://runs/{loopId}/attempts/{attemptIndex}\`, \`martin://runs/{loopId}/verification\`
 - Prompts: \`martin_start\`, \`martin_preflight\`, \`martin_triage\`, \`martin_resume\`, \`martin_prove\`, \`martin_release_check\`, \`martin_governed_coding_kickoff\`, \`martin_debug_failed_run\`, \`martin_publish_readiness_review\`, \`martin_triage_run_store\`
 
@@ -540,13 +658,125 @@ Martin Loop exposes governed coding workflows over MCP. Use the server health an
 - Attempt inspection stays aligned with the same loop selectors used by \`martin_status\` and \`martin_inspect\`.
 `;
 }
-function buildPublishReadinessGuide(_runsRoot) {
+function buildAgentStartGuide(runsRoot) {
+    const metadata = buildMartinDiscoveryMetadata(MARTIN_MCP_PACKAGE_VERSION);
+    return `# Agent Start Here
+
+Discovery revision: \`${metadata.discoveryRevision}\`
+Server version: \`${metadata.serverVersion}\`
+Runs root: \`${runsRoot}\`
+
+Use Martin Loop as the local governor before you spend agent tokens or retry a failed coding loop.
+
+## Cheap Default Flow
+
+1. Read \`${MARTIN_STATIC_RESOURCE_URIS.agentNextStep}\` first. It is the smallest "what should I do now?" payload.
+2. If no runs exist, call \`martin_doctor\`, then \`martin_preflight\`.
+3. If a run exists, read \`${MARTIN_STATIC_RESOURCE_URIS.latestSummary}\` before reading full run JSON.
+4. If the verifier failed, use prompt \`martin_debug_failed_run\` or \`martin_triage\`.
+5. If you need a shareable receipt, read \`${MARTIN_STATIC_RESOURCE_URIS.latestProofCard}\`.
+
+## Install Profiles
+
+- \`minimal\` (default): doctor, preflight, list, triage, dossier. Good for low tool bloat.
+- \`diagnostic\`: read-only inspection tools for debugging without execution.
+- \`full-local\`: all local tools, including \`martin_run\`.
+- \`github-review\`: review-oriented local profile for PR drafting and reviewer evidence.
+- \`starter\` and \`full\`: compatibility aliases.
+
+## Copy-Paste Agent Rule
+
+Before running or retrying an autonomous coding task, call Martin. Prefer compact resources first, then full dossiers only when the compact receipt says more evidence is needed. Never claim success unless Martin shows verifier-backed completion or a clear blocked reason.
+`;
+}
+function buildCommandMapGuide(runsRoot) {
+    const metadata = buildMartinDiscoveryMetadata(MARTIN_MCP_PACKAGE_VERSION);
+    return `# Martin Command Map
+
+Discovery revision: \`${metadata.discoveryRevision}\`
+Server version: \`${metadata.serverVersion}\`
+Runs root: \`${runsRoot}\`
+
+Use this guide when an IDE or agent needs to know which Martin surface to call next.
+
+## Default Governed Sequence
+
+1. \`martin_doctor\` — confirm environment and visibility.
+2. \`martin_plan\` — propose the bounded approach without spending a run.
+3. \`martin_preflight\` — turn the plan into an explicit contract.
+4. \`martin_run\` — execute only after the contract is safe.
+5. \`martin_dossier\` — inspect what happened and what Martin prevented.
+6. \`martin_eval\` — convert the result into review posture when needed.
+
+## When To Use Which Surface
+
+- Need the smallest next action: \`${MARTIN_STATIC_RESOURCE_URIS.agentNextStep}\`
+- Need a quick receipt: \`${MARTIN_STATIC_RESOURCE_URIS.latestSummary}\`
+- Need a shareable proof object: \`${MARTIN_STATIC_RESOURCE_URIS.latestProofCard}\`
+- Need a full run review: \`martin_dossier\`
+- Need to decide whether to retry: \`martin_triage_runs\`
+- Need IDE setup guidance: \`${MARTIN_STATIC_RESOURCE_URIS.ideOnboardingGuide}\`
+`;
+}
+function buildIdeOnboardingGuide(runsRoot) {
+    const metadata = buildMartinDiscoveryMetadata(MARTIN_MCP_PACKAGE_VERSION);
+    return `# Martin IDE Onboarding
+
+Discovery revision: \`${metadata.discoveryRevision}\`
+Server version: \`${metadata.serverVersion}\`
+Runs root: \`${runsRoot}\`
+
+Use this guide after the MCP server is installed so the host naturally uses MartinLoop during real work.
+
+## IDE Default Flow
+
+1. Read \`${MARTIN_STATIC_RESOURCE_URIS.agentStartGuide}\`
+2. Read \`${MARTIN_STATIC_RESOURCE_URIS.operatingRulesGuide}\`
+3. Use prompt \`martin_start\` or \`martin_governed_coding_kickoff\`
+4. Call \`martin_doctor\`
+5. Call \`martin_plan\`
+6. Call \`martin_preflight\`
+7. Only then call \`martin_run\`
+
+## Goal
+
+MartinLoop should become the normal path for coding work in the host, not a manual extra step the human has to remember.
+`;
+}
+function buildOperatingRulesGuide(runsRoot) {
+    const metadata = buildMartinDiscoveryMetadata(MARTIN_MCP_PACKAGE_VERSION);
+    return `# Martin Operating Rules
+
+Discovery revision: \`${metadata.discoveryRevision}\`
+Server version: \`${metadata.serverVersion}\`
+Runs root: \`${runsRoot}\`
+
+Use these rules inside the IDE or MCP host as the default MartinLoop operating posture.
+
+## Required Sequence Before Real Work
+
+1. \`martin_doctor\`
+2. \`martin_plan\`
+3. \`martin_preflight\`
+4. \`martin_run\`
+5. \`martin_dossier\`
+
+## Enforcement Rule
+
+Do not execute real coding work through MartinLoop until doctor and preflight have both been used for the current task.
+
+## Completion Rule
+
+Do not claim success until MartinLoop shows verifier-backed completion or an explicit blocked reason backed by evidence.
+`;
+}
+function buildPublishReadinessGuide(runsRoot) {
     const metadata = buildMartinDiscoveryMetadata(MARTIN_MCP_PACKAGE_VERSION);
     return `# Martin MCP Publish Readiness
 
 Discovery revision: \`${metadata.discoveryRevision}\`
 Server version: \`${metadata.serverVersion}\`
-Runs root: inspect \`${MARTIN_STATIC_RESOURCE_URIS.serverHealth}\` when you need the active local path.
+Runs root: \`${runsRoot}\`
 
 Use this guide when reviewing whether the public MCP package is ready to publish, promote, or hand off for registry submission.
 
@@ -565,10 +795,11 @@ Use this guide when reviewing whether the public MCP package is ready to publish
 - If a discovery helper exists but is not yet wired into the server, report that as an integration gap instead of treating the capability as fully shipped.
 `;
 }
-function withDiscoveryMetadata(value, _runsRoot) {
+function withDiscoveryMetadata(value, runsRoot) {
     return {
         metadata: {
-            ...buildMartinDiscoveryMetadata(MARTIN_MCP_PACKAGE_VERSION)
+            ...buildMartinDiscoveryMetadata(MARTIN_MCP_PACKAGE_VERSION),
+            ...(runsRoot ? { runsRoot } : {})
         },
         value
     };

package/dist/server-validation.d.ts

@@ -1,7 +1,8 @@
-type ToolName = "martin_run" | "martin_inspect" | "martin_status" | "martin_doctor" | "martin_preflight" | "martin_list_runs" | "martin_triage_runs" | "martin_get_run" | "martin_get_attempt" | "martin_get_verification_results" | "martin_run_dossier";
+type ToolName = "martin_run" | "martin_inspect" | "martin_status" | "martin_doctor" | "martin_plan" | "martin_preflight" | "martin_logs" | "martin_cancel" | "martin_pause" | "martin_continue" | "martin_list_runs" | "martin_triage_runs" | "martin_get_run" | "martin_get_attempt" | "martin_get_verification_results" | "martin_run_dossier" | "martin_dossier" | "martin_eval" | "martin_pr_summary" | "martin_create_pr" | "martin_review_pr";
 export { sanitizeToolErrorMessage } from "./tools/tool-errors.js";
 export declare function validateToolInput(name: ToolName, args: unknown): unknown;
 export declare function resolveSafeRepoRoot(repoRoot?: string, workspaceRoot?: string): string;
+export declare function resolveTrustedLoopRepoRoot(repoRoot?: string, workspaceRoot?: string): string;
 export declare function resolveSafeRunsJsonPath(file: string, runsRoot?: string): string;
 export declare function resolveSafeRunsPath(file: string, runsRoot?: string): string;
 export declare function resolveSafeRunsRootPath(runsRoot?: string, fallbackRunsRoot?: string): string;

package/dist/server-validation.js

@@ -13,8 +13,16 @@ export function validateToolInput(name, args) {
             return validateStatusInput(args);
         case "martin_doctor":
             return validateDoctorInput(args);
+        case "martin_plan":
+            return validatePlanInput(args);
         case "martin_preflight":
             return validatePreflightInput(args);
+        case "martin_logs":
+            return validateLogsInput(args);
+        case "martin_cancel":
+        case "martin_pause":
+        case "martin_continue":
+            return validateRunControlInput(args);
         case "martin_list_runs":
             return validateListRunsInput(args);
         case "martin_triage_runs":
@@ -26,7 +34,16 @@ export function validateToolInput(name, args) {
         case "martin_get_verification_results":
             return validateGetVerificationResultsInput(args);
         case "martin_run_dossier":
+        case "martin_dossier":
             return validateRunDossierInput(args);
+        case "martin_eval":
+            return validateEvalInput(args);
+        case "martin_pr_summary":
+            return validateRunDossierInput(args);
+        case "martin_create_pr":
+            return validateCreatePrInput(args);
+        case "martin_review_pr":
+            return validateReviewPrInput(args);
         default:
             throw invalidArgumentsError(`Unknown tool: ${name}`, "Refresh the Martin tool manifest and retry.");
     }
@@ -40,6 +57,14 @@ export function resolveSafeRepoRoot(repoRoot, workspaceRoot = process.env.MARTIN
     });
     return candidate;
 }
+export function resolveTrustedLoopRepoRoot(repoRoot, workspaceRoot = process.env.MARTIN_MCP_WORKSPACE_ROOT ?? process.cwd()) {
+    try {
+        return resolveSafeRepoRoot(repoRoot, workspaceRoot);
+    }
+    catch {
+        throw invalidPathError("Run record points outside the trusted workspace.", "Inspect or promote only loop records that were created under the current workspace root.");
+    }
+}
 export function resolveSafeRunsJsonPath(file, runsRoot = resolveRunsRoot(process.env)) {
     const baseRoot = resolve(runsRoot);
     const candidate = resolve(baseRoot, file);
@@ -69,12 +94,27 @@ export function resolveSafeRunsPath(file, runsRoot = resolveRunsRoot(process.env
 export function resolveSafeRunsRootPath(runsRoot, fallbackRunsRoot = resolveRunsRoot(process.env)) {
     const baseRoot = resolve(fallbackRunsRoot);
     const candidate = runsRoot ? resolve(baseRoot, runsRoot) : baseRoot;
+    if (runsRoot && !existsSync(candidate)) {
+        if (!isAbsolute(runsRoot)) {
+            assertRawPathWithinRoot(candidate, baseRoot, "runsDir");
+        }
+        return candidate;
+    }
     assertPathWithinRoot(candidate, baseRoot, "runsDir", {
         requireExistingCandidate: false,
         requireExistingRoot: false
     });
     return candidate;
 }
+function assertRawPathWithinRoot(candidatePath, rootPath, name) {
+    const relativePath = relative(resolve(rootPath), resolve(candidatePath));
+    if (relativePath === "" || relativePath === ".") {
+        return;
+    }
+    if (relativePath.startsWith("..") || isAbsolute(relativePath)) {
+        throw invalidPathError(`Invalid ${name}.`);
+    }
+}
 export function resolveSafeLoopRecordPath(loopId, runsRoot = resolveRunsRoot(process.env)) {
     const normalizedLoopId = requireLoopId(loopId, "loopId");
     return resolveSafeRunsJsonPath(`${normalizedLoopId}/loop-record.json`, runsRoot);
@@ -102,9 +142,14 @@ function validateRunInput(args) {
         "workingDirectory",
         "engine",
         "model",
+        "context",
+        "policyPack",
         "maxUsd",
         "maxIterations",
         "maxTokens",
+        "maxMinutes",
+        "maxFilesChanged",
+        "maxCommands",
         "verificationPlan",
         "allowedPaths",
         "deniedPaths",
@@ -119,9 +164,20 @@ function validateRunInput(args) {
             : {}),
         ...(engine ? { engine } : {}),
         ...optionalString(record.model, "model"),
+        ...optionalString(record.context, "context"),
+        ...optionalEnumAsObject(record.policyPack, "policyPack", [
+            "solo-founder",
+            "startup-team",
+            "enterprise-strict",
+            "oss-maintainer",
+            "security-sensitive"
+        ]),
         ...optionalPositiveNumber(record.maxUsd, "maxUsd"),
         ...optionalPositiveInteger(record.maxIterations, "maxIterations"),
         ...optionalPositiveInteger(record.maxTokens, "maxTokens"),
+        ...optionalPositiveInteger(record.maxMinutes, "maxMinutes"),
+        ...optionalPositiveInteger(record.maxFilesChanged, "maxFilesChanged"),
+        ...optionalPositiveInteger(record.maxCommands, "maxCommands"),
         ...optionalStringArrayAsObject(record.verificationPlan, "verificationPlan"),
         ...optionalPathPatternArrayAsObject(record.allowedPaths, "allowedPaths"),
         ...optionalPathPatternArrayAsObject(record.deniedPaths, "deniedPaths"),
@@ -196,6 +252,35 @@ function validateDoctorInput(args) {
 function validatePreflightInput(args) {
     return validateRunInput(args);
 }
+function validatePlanInput(args) {
+    return validateRunInput(args);
+}
+function validateLogsInput(args) {
+    const record = requireObject(args);
+    assertAllowedKeys(record, ["file", "loopId", "runsDir", "latest", "limit"]);
+    const resolvedRunsDir = record.runsDir !== undefined
+        ? resolveSafeRunsRootPath(requireString(record.runsDir, "runsDir"))
+        : undefined;
+    const selectors = [
+        record.file !== undefined ? "file" : null,
+        record.loopId !== undefined ? "loopId" : null,
+        record.latest !== undefined ? "latest" : null
+    ].filter((value) => value !== null);
+    if (selectors.length !== 1) {
+        throw invalidSelectorError("Provide exactly one of file, loopId, or latest.", "Choose exactly one run selector per call.");
+    }
+    return {
+        ...(record.file !== undefined
+            ? {
+                file: resolveSafeRunsPath(requireString(record.file, "file"), resolvedRunsDir ?? resolveRunsRoot(process.env))
+            }
+            : {}),
+        ...(record.loopId !== undefined ? { loopId: requireLoopId(record.loopId, "loopId") } : {}),
+        ...(resolvedRunsDir ? { runsDir: resolvedRunsDir } : {}),
+        ...(record.latest === true ? { latest: true } : {}),
+        ...optionalPositiveInteger(record.limit, "limit")
+    };
+}
 function validateListRunsInput(args) {
     const record = requireObject(args);
     assertAllowedKeys(record, [
@@ -326,8 +411,47 @@ function validateGetVerificationResultsInput(args) {
     };
 }
 function validateRunDossierInput(args) {
+    const record = requireObject(args);
+    assertAllowedKeys(record, ["file", "loopId", "runsDir", "latest", "format"]);
+    const base = validateGetRunInput(args);
+    return {
+        ...base,
+        ...optionalEnumAsObject(record.format, "format", ["json", "md", "github-pr"])
+    };
+}
+function validateEvalInput(args) {
     return validateGetRunInput(args);
 }
+function validateRunControlInput(args) {
+    const record = requireObject(args);
+    assertAllowedKeys(record, ["file", "loopId", "runsDir", "latest", "reason", "requestedBy"]);
+    const base = validateGetRunInput(args);
+    return {
+        ...base,
+        ...optionalString(record.reason, "reason"),
+        ...optionalString(record.requestedBy, "requestedBy")
+    };
+}
+function validateCreatePrInput(args) {
+    const record = requireObject(args);
+    assertAllowedKeys(record, ["file", "loopId", "runsDir", "latest", "format", "title", "base", "execute"]);
+    const base = validateRunDossierInput(args);
+    return {
+        ...base,
+        ...optionalString(record.title, "title"),
+        ...optionalString(record.base, "base"),
+        ...optionalBoolean(record.execute, "execute")
+    };
+}
+function validateReviewPrInput(args) {
+    const record = requireObject(args);
+    assertAllowedKeys(record, ["file", "loopId", "runsDir", "latest", "format", "prBody"]);
+    const base = validateRunDossierInput(args);
+    return {
+        ...base,
+        ...optionalString(record.prBody, "prBody")
+    };
+}
 function requireObject(value) {
     if (!value || typeof value !== "object" || Array.isArray(value)) {
         throw invalidArgumentsError("Tool arguments must be an object.");