@matheuskrumenauer/tanya 0.7.0-beta.0 → 0.10.0-beta.0

package/README.md

@@ -174,6 +174,7 @@ tanya runs                    # show recent run logs with cost/status
 tanya video presets           # list available video presets
 tanya video one-terminal-simctl # generate the exact transparent terminal asset
 tanya providers test          # provider smoke test
+tanya mcp serve               # expose Tanya verifier/run/skills over MCP stdio
 tanya doctor                  # local environment check
 ```
 
@@ -188,6 +189,7 @@ model:
 /verify           # print the deterministic verifier report for the cwd
 /cost             # show persisted token usage and estimated cost
 /memory --limit 5 # list recent golden-task memory
+/mcp              # list connected MCP servers and tools
 ```
 
 Project-local commands live in `.tania/commands/*.{js,ts,sh}` and appear in
@@ -198,6 +200,73 @@ run directly; JavaScript and TypeScript commands export a default
 Project-local commands are arbitrary code execution and are gated by the same
 permission engine as native tools.
 
+## Sub-agent tool
+
+The `task` tool delegates a bounded child run while keeping the parent in
+control:
+
+```json
+{
+  "prompt": "Map the auth module and report blockers.",
+  "workspace": "src/auth",
+  "max_turns": 12,
+  "token_budget": { "max_tokens": 12000 },
+  "treat_failure_as": "warning"
+}
+```
+
+Children inherit the parent's skill packs, permission rules, workspace, and
+budget. They may narrow those constraints but cannot loosen them. Depth is
+capped at 2 by default (`TANYA_SUBTASK_MAX_DEPTH`), and active children share a
+default parallel cap of 3 (`TANYA_SUBTASK_MAX_PARALLEL`).
+
+Every child runs its own verifier. Failed child verdicts become parent blockers
+by default; `treat_failure_as` can demote a specific child to `warning` or
+`ignore` when the caller wants advisory work only. Child events stream into the
+parent log with a `subRunId`, and parent cancellation propagates into active
+children.
+
+See [docs/sub-agents.md](./docs/sub-agents.md) for permission inheritance,
+budget-ledger semantics, cancellation, verifier composition, and memory rollup.
+
+## MCP integration
+
+Tanya can consume external Model Context Protocol servers and expose Tanya's own
+verifier and memory primitives to MCP-speaking clients.
+
+Client configuration is allowlist-only. User-global servers are read from
+`~/.tanya/mcp.json` with a fallback read of `~/.tania/mcp.json`; project servers
+live in `.tania/mcp.json` and override same-named user servers. Connected tools
+are registered as normal Tanya tools named `mcp:<server>:<tool>`, so permission
+rules, audit logging, truncation, and verifier visibility apply exactly as they
+do for native tools.
+
+```json
+{
+  "version": 1,
+  "servers": [
+    {
+      "name": "filesystem",
+      "transport": "stdio",
+      "command": "npx",
+      "args": ["-y", "@modelcontextprotocol/server-filesystem", "."]
+    }
+  ]
+}
+```
+
+Use `/mcp` in the REPL to inspect connected servers. Use `tanya mcp serve` to
+start Tanya's MCP server over stdio; it exposes `tanya.verify`,
+`tanya.golden_task_search`, `tanya.run`, and `tanya.skills_list`.
+
+MCP servers are untrusted code. Tanya refuses undeclared servers, gates every
+MCP tool call through the permission engine, captures stdio server stderr under
+`.tania/mcp/logs/`, restarts crashed servers up to three times, and rejects
+schema-invalid tool responses before they reach model history.
+
+See [docs/mcp.md](./docs/mcp.md) for the full schema, transports, server tools,
+and security model.
+
 `--verify` adds required verification commands to the run context. Tanya must run and report each exact command before finishing the coding task.
 
 `tanya benchmark run --all` currently exercises 27 executable low-to-medium regression fixtures: targeted edits, new files, dependency/lockfile updates, framework-style migrations, failing-test repair, frontend smoke checks, artifact/context reuse, streaming long-tool execution, compaction-boundary recovery, run-history logging, dirty worktrees, report repair, and the CosmoHQ mobile/backend smoke profiles.