@oisincoveney/pipeline 1.5.4 → 1.5.5

package/dist/config.d.ts

@@ -57,8 +57,11 @@ declare const configSchema: z.ZodObject<{
     }, z.core.$strict>>>;
     mcp_servers: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
         args: z.ZodOptional<z.ZodArray<z.ZodString>>;
-        command: z.ZodString;
+        bearer_token_env_var: z.ZodOptional<z.ZodString>;
+        command: z.ZodOptional<z.ZodString>;
         env: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+        headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+        url: z.ZodOptional<z.ZodString>;
     }, z.core.$strict>>>;
     orchestrator: z.ZodObject<{
         hooks: z.ZodOptional<z.ZodArray<z.ZodString>>;

package/dist/config.js

@@ -21366,9 +21366,59 @@ var pathRefSchema = exports_external.object({
 }).strict();
 var mcpServerSchema = exports_external.object({
   args: exports_external.array(exports_external.string()).optional(),
-  command: exports_external.string().min(1),
-  env: exports_external.record(exports_external.string(), exports_external.string()).optional()
-}).strict();
+  bearer_token_env_var: exports_external.string().min(1).optional(),
+  command: exports_external.string().min(1).optional(),
+  env: exports_external.record(exports_external.string(), exports_external.string()).optional(),
+  headers: exports_external.record(exports_external.string(), exports_external.string()).optional(),
+  url: exports_external.string().url().refine((value) => ["http:", "https:"].includes(new URL(value).protocol), {
+    message: "MCP server url must use http or https"
+  }).optional()
+}).strict().superRefine((server, ctx) => {
+  const hasCommand = Boolean(server.command);
+  const hasUrl = Boolean(server.url);
+  if (hasCommand === hasUrl) {
+    ctx.addIssue({
+      code: "custom",
+      message: "MCP server must declare exactly one of command or url",
+      path: hasCommand ? ["url"] : ["command"]
+    });
+  }
+  if (hasUrl && server.args) {
+    ctx.addIssue({
+      code: "custom",
+      message: "args are only valid for command MCP servers",
+      path: ["args"]
+    });
+  }
+  if (hasUrl && server.env) {
+    ctx.addIssue({
+      code: "custom",
+      message: "env is only valid for command MCP servers",
+      path: ["env"]
+    });
+  }
+  if (hasCommand && server.headers) {
+    ctx.addIssue({
+      code: "custom",
+      message: "headers are only valid for url MCP servers",
+      path: ["headers"]
+    });
+  }
+  if (hasCommand && server.bearer_token_env_var) {
+    ctx.addIssue({
+      code: "custom",
+      message: "bearer_token_env_var is only valid for url MCP servers",
+      path: ["bearer_token_env_var"]
+    });
+  }
+  if (hasUrl && server.bearer_token_env_var && Object.keys(server.headers ?? {}).some((key) => key.toLowerCase() === "authorization")) {
+    ctx.addIssue({
+      code: "custom",
+      message: "headers.Authorization cannot be combined with bearer_token_env_var",
+      path: ["bearer_token_env_var"]
+    });
+  }
+});
 var instructionsSchema = exports_external.object({
   inline: exports_external.string().min(1).optional(),
   path: exports_external.string().min(1).optional()

package/dist/index.js

@@ -27439,9 +27439,59 @@ var pathRefSchema = exports_external.object({
 }).strict();
 var mcpServerSchema = exports_external.object({
   args: exports_external.array(exports_external.string()).optional(),
-  command: exports_external.string().min(1),
-  env: exports_external.record(exports_external.string(), exports_external.string()).optional()
-}).strict();
+  bearer_token_env_var: exports_external.string().min(1).optional(),
+  command: exports_external.string().min(1).optional(),
+  env: exports_external.record(exports_external.string(), exports_external.string()).optional(),
+  headers: exports_external.record(exports_external.string(), exports_external.string()).optional(),
+  url: exports_external.string().url().refine((value) => ["http:", "https:"].includes(new URL(value).protocol), {
+    message: "MCP server url must use http or https"
+  }).optional()
+}).strict().superRefine((server, ctx) => {
+  const hasCommand = Boolean(server.command);
+  const hasUrl = Boolean(server.url);
+  if (hasCommand === hasUrl) {
+    ctx.addIssue({
+      code: "custom",
+      message: "MCP server must declare exactly one of command or url",
+      path: hasCommand ? ["url"] : ["command"]
+    });
+  }
+  if (hasUrl && server.args) {
+    ctx.addIssue({
+      code: "custom",
+      message: "args are only valid for command MCP servers",
+      path: ["args"]
+    });
+  }
+  if (hasUrl && server.env) {
+    ctx.addIssue({
+      code: "custom",
+      message: "env is only valid for command MCP servers",
+      path: ["env"]
+    });
+  }
+  if (hasCommand && server.headers) {
+    ctx.addIssue({
+      code: "custom",
+      message: "headers are only valid for url MCP servers",
+      path: ["headers"]
+    });
+  }
+  if (hasCommand && server.bearer_token_env_var) {
+    ctx.addIssue({
+      code: "custom",
+      message: "bearer_token_env_var is only valid for url MCP servers",
+      path: ["bearer_token_env_var"]
+    });
+  }
+  if (hasUrl && server.bearer_token_env_var && Object.keys(server.headers ?? {}).some((key) => key.toLowerCase() === "authorization")) {
+    ctx.addIssue({
+      code: "custom",
+      message: "headers.Authorization cannot be combined with bearer_token_env_var",
+      path: ["bearer_token_env_var"]
+    });
+  }
+});
 var instructionsSchema = exports_external.object({
   inline: exports_external.string().min(1).optional(),
   path: exports_external.string().min(1).optional()
@@ -28866,25 +28916,22 @@ function cliDispatchLine(route) {
 }
 function runnerCliCommand(route) {
   if (route.runnerId === "codex") {
-    return `codex exec --json -C <repo-root> --sandbox ${codexSandbox(route.profile)} --skip-git-repo-check <node prompt>`;
+    return "codex exec --json -C <repo-root> --dangerously-bypass-approvals-and-sandbox --skip-git-repo-check <node prompt>";
   }
   if (route.runnerId === "kimi") {
-    return `kimi --print --agent-file .kimi/agents/${route.profileId}.yaml --work-dir <repo-root> --final-message-only --prompt <node prompt>`;
+    return `kimi --print --agent-file .kimi/agents/${route.profileId}.yaml --work-dir <repo-root> --yolo --final-message-only --prompt <node prompt>`;
   }
   if (route.runnerId === "opencode") {
     return `opencode run --agent ${route.profileId} --format json --dir <repo-root> <node prompt>`;
   }
   if (route.runnerId === "claude") {
-    return `claude --agent ${route.profileId} --print -p <node prompt>`;
+    return `claude --agent ${route.profileId} --print --dangerously-skip-permissions -p <node prompt>`;
   }
   if (route.runnerId === "pi") {
     return "pi --print --no-session <node prompt>";
   }
   return `${route.runnerId} <node prompt>`;
 }
-function codexSandbox(profile) {
-  return profile.filesystem?.mode === "workspace-write" ? "workspace-write" : "read-only";
-}
 function nodePromptContract(workflowId, routes) {
   const hasCliRoutes = routes.some((route) => route.kind === "cli");
   const lead = hasCliRoutes ? "For each CLI node prompt include:" : "For each native node prompt include:";
@@ -36995,6 +37042,8 @@ import {
 } from "node:fs";
 import { tmpdir } from "node:os";
 import { dirname as dirname3, join as join5 } from "node:path";
+var TOML_BARE_KEY_PATTERN = /^[A-Za-z0-9_-]+$/;
+
 class RunnerCapabilityError extends Error {
   constructor(message) {
     super(message);
@@ -37017,6 +37066,7 @@ function harnessArgv(harness, prompt, worktreePath, contextFile, options2 = {})
         ...claudeToolArgs(tools),
         ...mcpArgs,
         ...skillArgs,
+        "--dangerously-skip-permissions",
         "-p",
         prompt
       ];
@@ -37029,10 +37079,7 @@ function harnessArgv(harness, prompt, worktreePath, contextFile, options2 = {})
         ...optionalModelArgs(harness, options2.runner, options2.actor),
         ...mcpArgs,
         ...skillArgs,
-        "--sandbox",
-        codexSandboxFor(options2.actor),
-        "--config",
-        'approval_policy="never"',
+        "--dangerously-bypass-approvals-and-sandbox",
         "--skip-git-repo-check",
         prompt
       ];
@@ -37070,6 +37117,7 @@ function harnessArgv(harness, prompt, worktreePath, contextFile, options2 = {})
         ...optionalModelArgs(harness, options2.runner, options2.actor),
         ...mcpArgs,
         ...skillArgs,
+        "--yolo",
         "--final-message-only",
         "--prompt",
         prompt
@@ -37080,9 +37128,6 @@ function harnessArgv(harness, prompt, worktreePath, contextFile, options2 = {})
     }
   }
 }
-function codexSandboxFor(actor) {
-  return actor?.filesystem?.mode === "read-only" ? "read-only" : "workspace-write";
-}
 function createRunnerLaunchPlan(config2, input) {
   const profile = input.profileId ? config2.profiles[input.profileId] : undefined;
   if (input.profileId && !profile) {
@@ -37215,12 +37260,12 @@ function mcpArgsFor(runnerType, config2, actor) {
   if (runnerType === "claude") {
     return [
       "--mcp-config",
-      JSON.stringify(toClaudeKimiMcpConfig(servers)),
+      JSON.stringify(toClaudeMcpConfig(servers)),
       "--strict-mcp-config"
     ];
   }
   if (runnerType === "kimi") {
-    return ["--mcp-config", JSON.stringify(toClaudeKimiMcpConfig(servers))];
+    return ["--mcp-config", JSON.stringify(toKimiMcpConfig(servers))];
   }
   if (runnerType === "codex") {
     return codexMcpArgs(servers);
@@ -37240,39 +37285,120 @@ function runnerEnv(runnerType, config2, actor, worktreePath, nodeId) {
     PIPELINE_WORKTREE: worktreePath
   };
 }
-function toClaudeKimiMcpConfig(servers) {
-  return { mcpServers: servers };
+function isRemoteMcpServer(server) {
+  return typeof server.url === "string";
 }
-function toOpenCodeMcpConfig(servers) {
+function headersWithBearerTokenEnv(server, renderTokenRef) {
+  const headers = { ...server.headers ?? {} };
+  if (server.bearer_token_env_var) {
+    headers.Authorization = `Bearer ${renderTokenRef(server.bearer_token_env_var)}`;
+  }
+  return Object.keys(headers).length > 0 ? headers : undefined;
+}
+function toClaudeMcpConfig(servers) {
+  return {
+    mcpServers: Object.fromEntries(Object.entries(servers).map(([id, server]) => {
+      if (isRemoteMcpServer(server)) {
+        const headers = headersWithBearerTokenEnv(server, (envVar) => `\${${envVar}}`);
+        return [
+          id,
+          {
+            type: "http",
+            url: server.url,
+            ...headers ? { headers } : {}
+          }
+        ];
+      }
+      return [
+        id,
+        {
+          command: server.command,
+          ...server.args ? { args: server.args } : {},
+          ...server.env ? { env: server.env } : {}
+        }
+      ];
+    }))
+  };
+}
+function toKimiMcpConfig(servers) {
   return {
-    mcp: Object.fromEntries(Object.entries(servers).map(([id, server]) => [
+    mcpServers: Object.fromEntries(Object.entries(servers).map(([id, server]) => [
       id,
-      {
-        command: [server.command, ...server.args ?? []],
-        enabled: true,
-        ...server.env ? { environment: server.env } : {},
-        type: "local"
+      isRemoteMcpServer(server) ? {
+        url: server.url,
+        ...server.headers ? { headers: server.headers } : {},
+        ...server.bearer_token_env_var ? { bearerTokenEnvVar: server.bearer_token_env_var } : {}
+      } : {
+        command: server.command,
+        ...server.args ? { args: server.args } : {},
+        ...server.env ? { env: server.env } : {}
       }
     ]))
   };
 }
+function toOpenCodeMcpConfig(servers) {
+  return {
+    mcp: Object.fromEntries(Object.entries(servers).map(([id, server]) => {
+      if (isRemoteMcpServer(server)) {
+        const headers = headersWithBearerTokenEnv(server, (envVar) => `{env:${envVar}}`);
+        return [
+          id,
+          {
+            enabled: true,
+            ...headers ? { headers } : {},
+            type: "remote",
+            url: server.url
+          }
+        ];
+      }
+      return [
+        id,
+        {
+          command: [server.command, ...server.args ?? []],
+          enabled: true,
+          ...server.env ? { environment: server.env } : {},
+          type: "local"
+        }
+      ];
+    }))
+  };
+}
 function codexMcpArgs(servers) {
-  return Object.entries(servers).flatMap(([id, server]) => [
-    "--config",
-    `mcp_servers.${id}.command=${tomlValue(server.command)}`,
-    ...server.args ? ["--config", `mcp_servers.${id}.args=${tomlValue(server.args)}`] : [],
-    ...server.env ? ["--config", `mcp_servers.${id}.env=${tomlValue(server.env)}`] : []
-  ]);
+  return Object.entries(servers).flatMap(([id, server]) => {
+    if (isRemoteMcpServer(server)) {
+      return [
+        "--config",
+        `mcp_servers.${id}.url=${tomlValue(server.url)}`,
+        ...server.headers ? [
+          "--config",
+          `mcp_servers.${id}.http_headers=${tomlValue(server.headers)}`
+        ] : [],
+        ...server.bearer_token_env_var ? [
+          "--config",
+          `mcp_servers.${id}.bearer_token_env_var=${tomlValue(server.bearer_token_env_var)}`
+        ] : []
+      ];
+    }
+    return [
+      "--config",
+      `mcp_servers.${id}.command=${tomlValue(server.command)}`,
+      ...server.args ? ["--config", `mcp_servers.${id}.args=${tomlValue(server.args)}`] : [],
+      ...server.env ? ["--config", `mcp_servers.${id}.env=${tomlValue(server.env)}`] : []
+    ];
+  });
 }
 function tomlValue(value) {
   if (Array.isArray(value)) {
     return `[${value.map(tomlValue).join(", ")}]`;
   }
   if (value && typeof value === "object") {
-    return `{ ${Object.entries(value).map(([key, item]) => `${key} = ${tomlValue(item)}`).join(", ")} }`;
+    return `{ ${Object.entries(value).map(([key, item]) => `${tomlKey(key)} = ${tomlValue(item)}`).join(", ")} }`;
   }
   return JSON.stringify(value);
 }
+function tomlKey(key) {
+  return TOML_BARE_KEY_PATTERN.test(key) ? key : JSON.stringify(key);
+}
 function nativeStrategy(config2, input, runnerId) {
   const runner = config2.runners[runnerId];
   const profile = input.profileId ? config2.profiles[input.profileId] : undefined;
@@ -37957,8 +38083,19 @@ function renderMcpReferences(ids, registry2) {
     "Loaded MCP servers:",
     ...ids.map((id) => {
       const server = registry2[id];
+      if (server?.url) {
+        return [
+          `## ${id}`,
+          "transport: http",
+          `url: ${server.url}`,
+          `headers: ${Object.keys(server.headers ?? {}).join(", ") || "none"}`,
+          `bearer_token_env_var: ${server.bearer_token_env_var ?? "none"}`
+        ].join(`
+`);
+      }
       return [
         `## ${id}`,
+        "transport: stdio",
         `command: ${server?.command ?? ""}`,
         `args: ${(server?.args ?? []).join(" ") || "none"}`,
         `env: ${Object.keys(server?.env ?? {}).join(", ") || "none"}`

package/dist/pipeline-runtime.js

@@ -28569,9 +28569,59 @@ var pathRefSchema = exports_external.object({
 }).strict();
 var mcpServerSchema = exports_external.object({
   args: exports_external.array(exports_external.string()).optional(),
-  command: exports_external.string().min(1),
-  env: exports_external.record(exports_external.string(), exports_external.string()).optional()
-}).strict();
+  bearer_token_env_var: exports_external.string().min(1).optional(),
+  command: exports_external.string().min(1).optional(),
+  env: exports_external.record(exports_external.string(), exports_external.string()).optional(),
+  headers: exports_external.record(exports_external.string(), exports_external.string()).optional(),
+  url: exports_external.string().url().refine((value) => ["http:", "https:"].includes(new URL(value).protocol), {
+    message: "MCP server url must use http or https"
+  }).optional()
+}).strict().superRefine((server, ctx) => {
+  const hasCommand = Boolean(server.command);
+  const hasUrl = Boolean(server.url);
+  if (hasCommand === hasUrl) {
+    ctx.addIssue({
+      code: "custom",
+      message: "MCP server must declare exactly one of command or url",
+      path: hasCommand ? ["url"] : ["command"]
+    });
+  }
+  if (hasUrl && server.args) {
+    ctx.addIssue({
+      code: "custom",
+      message: "args are only valid for command MCP servers",
+      path: ["args"]
+    });
+  }
+  if (hasUrl && server.env) {
+    ctx.addIssue({
+      code: "custom",
+      message: "env is only valid for command MCP servers",
+      path: ["env"]
+    });
+  }
+  if (hasCommand && server.headers) {
+    ctx.addIssue({
+      code: "custom",
+      message: "headers are only valid for url MCP servers",
+      path: ["headers"]
+    });
+  }
+  if (hasCommand && server.bearer_token_env_var) {
+    ctx.addIssue({
+      code: "custom",
+      message: "bearer_token_env_var is only valid for url MCP servers",
+      path: ["bearer_token_env_var"]
+    });
+  }
+  if (hasUrl && server.bearer_token_env_var && Object.keys(server.headers ?? {}).some((key) => key.toLowerCase() === "authorization")) {
+    ctx.addIssue({
+      code: "custom",
+      message: "headers.Authorization cannot be combined with bearer_token_env_var",
+      path: ["bearer_token_env_var"]
+    });
+  }
+});
 var instructionsSchema = exports_external.object({
   inline: exports_external.string().min(1).optional(),
   path: exports_external.string().min(1).optional()
@@ -29485,6 +29535,8 @@ import {
 } from "node:fs";
 import { tmpdir } from "node:os";
 import { dirname, join as join3 } from "node:path";
+var TOML_BARE_KEY_PATTERN = /^[A-Za-z0-9_-]+$/;
+
 class RunnerCapabilityError extends Error {
   constructor(message) {
     super(message);
@@ -29507,6 +29559,7 @@ function harnessArgv(harness, prompt, worktreePath, contextFile, options = {}) {
         ...claudeToolArgs(tools),
         ...mcpArgs,
         ...skillArgs,
+        "--dangerously-skip-permissions",
         "-p",
         prompt
       ];
@@ -29519,10 +29572,7 @@ function harnessArgv(harness, prompt, worktreePath, contextFile, options = {}) {
         ...optionalModelArgs(harness, options.runner, options.actor),
         ...mcpArgs,
         ...skillArgs,
-        "--sandbox",
-        codexSandboxFor(options.actor),
-        "--config",
-        'approval_policy="never"',
+        "--dangerously-bypass-approvals-and-sandbox",
         "--skip-git-repo-check",
         prompt
       ];
@@ -29560,6 +29610,7 @@ function harnessArgv(harness, prompt, worktreePath, contextFile, options = {}) {
         ...optionalModelArgs(harness, options.runner, options.actor),
         ...mcpArgs,
         ...skillArgs,
+        "--yolo",
         "--final-message-only",
         "--prompt",
         prompt
@@ -29570,9 +29621,6 @@ function harnessArgv(harness, prompt, worktreePath, contextFile, options = {}) {
     }
   }
 }
-function codexSandboxFor(actor) {
-  return actor?.filesystem?.mode === "read-only" ? "read-only" : "workspace-write";
-}
 function createRunnerLaunchPlan(config2, input) {
   const profile = input.profileId ? config2.profiles[input.profileId] : undefined;
   if (input.profileId && !profile) {
@@ -29699,12 +29747,12 @@ function mcpArgsFor(runnerType, config2, actor) {
   if (runnerType === "claude") {
     return [
       "--mcp-config",
-      JSON.stringify(toClaudeKimiMcpConfig(servers)),
+      JSON.stringify(toClaudeMcpConfig(servers)),
       "--strict-mcp-config"
     ];
   }
   if (runnerType === "kimi") {
-    return ["--mcp-config", JSON.stringify(toClaudeKimiMcpConfig(servers))];
+    return ["--mcp-config", JSON.stringify(toKimiMcpConfig(servers))];
   }
   if (runnerType === "codex") {
     return codexMcpArgs(servers);
@@ -29724,39 +29772,120 @@ function runnerEnv(runnerType, config2, actor, worktreePath, nodeId) {
     PIPELINE_WORKTREE: worktreePath
   };
 }
-function toClaudeKimiMcpConfig(servers) {
-  return { mcpServers: servers };
+function isRemoteMcpServer(server) {
+  return typeof server.url === "string";
 }
-function toOpenCodeMcpConfig(servers) {
+function headersWithBearerTokenEnv(server, renderTokenRef) {
+  const headers = { ...server.headers ?? {} };
+  if (server.bearer_token_env_var) {
+    headers.Authorization = `Bearer ${renderTokenRef(server.bearer_token_env_var)}`;
+  }
+  return Object.keys(headers).length > 0 ? headers : undefined;
+}
+function toClaudeMcpConfig(servers) {
   return {
-    mcp: Object.fromEntries(Object.entries(servers).map(([id, server]) => [
+    mcpServers: Object.fromEntries(Object.entries(servers).map(([id, server]) => {
+      if (isRemoteMcpServer(server)) {
+        const headers = headersWithBearerTokenEnv(server, (envVar) => `\${${envVar}}`);
+        return [
+          id,
+          {
+            type: "http",
+            url: server.url,
+            ...headers ? { headers } : {}
+          }
+        ];
+      }
+      return [
+        id,
+        {
+          command: server.command,
+          ...server.args ? { args: server.args } : {},
+          ...server.env ? { env: server.env } : {}
+        }
+      ];
+    }))
+  };
+}
+function toKimiMcpConfig(servers) {
+  return {
+    mcpServers: Object.fromEntries(Object.entries(servers).map(([id, server]) => [
       id,
-      {
-        command: [server.command, ...server.args ?? []],
-        enabled: true,
-        ...server.env ? { environment: server.env } : {},
-        type: "local"
+      isRemoteMcpServer(server) ? {
+        url: server.url,
+        ...server.headers ? { headers: server.headers } : {},
+        ...server.bearer_token_env_var ? { bearerTokenEnvVar: server.bearer_token_env_var } : {}
+      } : {
+        command: server.command,
+        ...server.args ? { args: server.args } : {},
+        ...server.env ? { env: server.env } : {}
       }
     ]))
   };
 }
+function toOpenCodeMcpConfig(servers) {
+  return {
+    mcp: Object.fromEntries(Object.entries(servers).map(([id, server]) => {
+      if (isRemoteMcpServer(server)) {
+        const headers = headersWithBearerTokenEnv(server, (envVar) => `{env:${envVar}}`);
+        return [
+          id,
+          {
+            enabled: true,
+            ...headers ? { headers } : {},
+            type: "remote",
+            url: server.url
+          }
+        ];
+      }
+      return [
+        id,
+        {
+          command: [server.command, ...server.args ?? []],
+          enabled: true,
+          ...server.env ? { environment: server.env } : {},
+          type: "local"
+        }
+      ];
+    }))
+  };
+}
 function codexMcpArgs(servers) {
-  return Object.entries(servers).flatMap(([id, server]) => [
-    "--config",
-    `mcp_servers.${id}.command=${tomlValue(server.command)}`,
-    ...server.args ? ["--config", `mcp_servers.${id}.args=${tomlValue(server.args)}`] : [],
-    ...server.env ? ["--config", `mcp_servers.${id}.env=${tomlValue(server.env)}`] : []
-  ]);
+  return Object.entries(servers).flatMap(([id, server]) => {
+    if (isRemoteMcpServer(server)) {
+      return [
+        "--config",
+        `mcp_servers.${id}.url=${tomlValue(server.url)}`,
+        ...server.headers ? [
+          "--config",
+          `mcp_servers.${id}.http_headers=${tomlValue(server.headers)}`
+        ] : [],
+        ...server.bearer_token_env_var ? [
+          "--config",
+          `mcp_servers.${id}.bearer_token_env_var=${tomlValue(server.bearer_token_env_var)}`
+        ] : []
+      ];
+    }
+    return [
+      "--config",
+      `mcp_servers.${id}.command=${tomlValue(server.command)}`,
+      ...server.args ? ["--config", `mcp_servers.${id}.args=${tomlValue(server.args)}`] : [],
+      ...server.env ? ["--config", `mcp_servers.${id}.env=${tomlValue(server.env)}`] : []
+    ];
+  });
 }
 function tomlValue(value) {
   if (Array.isArray(value)) {
     return `[${value.map(tomlValue).join(", ")}]`;
   }
   if (value && typeof value === "object") {
-    return `{ ${Object.entries(value).map(([key, item]) => `${key} = ${tomlValue(item)}`).join(", ")} }`;
+    return `{ ${Object.entries(value).map(([key, item]) => `${tomlKey(key)} = ${tomlValue(item)}`).join(", ")} }`;
   }
   return JSON.stringify(value);
 }
+function tomlKey(key) {
+  return TOML_BARE_KEY_PATTERN.test(key) ? key : JSON.stringify(key);
+}
 function nativeStrategy(config2, input, runnerId) {
   const runner = config2.runners[runnerId];
   const profile = input.profileId ? config2.profiles[input.profileId] : undefined;
@@ -30663,8 +30792,19 @@ function renderMcpReferences(ids, registry2) {
     "Loaded MCP servers:",
     ...ids.map((id) => {
       const server = registry2[id];
+      if (server?.url) {
+        return [
+          `## ${id}`,
+          "transport: http",
+          `url: ${server.url}`,
+          `headers: ${Object.keys(server.headers ?? {}).join(", ") || "none"}`,
+          `bearer_token_env_var: ${server.bearer_token_env_var ?? "none"}`
+        ].join(`
+`);
+      }
       return [
         `## ${id}`,
+        "transport: stdio",
         `command: ${server?.command ?? ""}`,
         `args: ${(server?.args ?? []).join(" ") || "none"}`,
         `env: ${Object.keys(server?.env ?? {}).join(", ") || "none"}`

package/dist/runner.js

@@ -7215,6 +7215,8 @@ var {
 } = getIpcExport();
 
 // src/runner.ts
+var TOML_BARE_KEY_PATTERN = /^[A-Za-z0-9_-]+$/;
+
 class RunnerCapabilityError extends Error {
   constructor(message) {
     super(message);
@@ -7270,6 +7272,7 @@ function harnessArgv(harness, prompt, worktreePath, contextFile, options = {}) {
         ...claudeToolArgs(tools),
         ...mcpArgs,
         ...skillArgs,
+        "--dangerously-skip-permissions",
         "-p",
         prompt
       ];
@@ -7282,10 +7285,7 @@ function harnessArgv(harness, prompt, worktreePath, contextFile, options = {}) {
         ...optionalModelArgs(harness, options.runner, options.actor),
         ...mcpArgs,
         ...skillArgs,
-        "--sandbox",
-        codexSandboxFor(options.actor),
-        "--config",
-        'approval_policy="never"',
+        "--dangerously-bypass-approvals-and-sandbox",
         "--skip-git-repo-check",
         prompt
       ];
@@ -7323,6 +7323,7 @@ function harnessArgv(harness, prompt, worktreePath, contextFile, options = {}) {
         ...optionalModelArgs(harness, options.runner, options.actor),
         ...mcpArgs,
         ...skillArgs,
+        "--yolo",
         "--final-message-only",
         "--prompt",
         prompt
@@ -7333,9 +7334,6 @@ function harnessArgv(harness, prompt, worktreePath, contextFile, options = {}) {
     }
   }
 }
-function codexSandboxFor(actor) {
-  return actor?.filesystem?.mode === "read-only" ? "read-only" : "workspace-write";
-}
 async function execaHarness(harness, prompt, contextFile, worktreePath) {
   if (harness === "pi") {
     return execaHarnessPi(prompt, contextFile, worktreePath);
@@ -7545,12 +7543,12 @@ function mcpArgsFor(runnerType, config, actor) {
   if (runnerType === "claude") {
     return [
       "--mcp-config",
-      JSON.stringify(toClaudeKimiMcpConfig(servers)),
+      JSON.stringify(toClaudeMcpConfig(servers)),
       "--strict-mcp-config"
     ];
   }
   if (runnerType === "kimi") {
-    return ["--mcp-config", JSON.stringify(toClaudeKimiMcpConfig(servers))];
+    return ["--mcp-config", JSON.stringify(toKimiMcpConfig(servers))];
   }
   if (runnerType === "codex") {
     return codexMcpArgs(servers);
@@ -7570,39 +7568,120 @@ function runnerEnv(runnerType, config, actor, worktreePath, nodeId) {
     PIPELINE_WORKTREE: worktreePath
   };
 }
-function toClaudeKimiMcpConfig(servers) {
-  return { mcpServers: servers };
+function isRemoteMcpServer(server) {
+  return typeof server.url === "string";
 }
-function toOpenCodeMcpConfig(servers) {
+function headersWithBearerTokenEnv(server, renderTokenRef) {
+  const headers = { ...server.headers ?? {} };
+  if (server.bearer_token_env_var) {
+    headers.Authorization = `Bearer ${renderTokenRef(server.bearer_token_env_var)}`;
+  }
+  return Object.keys(headers).length > 0 ? headers : undefined;
+}
+function toClaudeMcpConfig(servers) {
   return {
-    mcp: Object.fromEntries(Object.entries(servers).map(([id, server]) => [
+    mcpServers: Object.fromEntries(Object.entries(servers).map(([id, server]) => {
+      if (isRemoteMcpServer(server)) {
+        const headers = headersWithBearerTokenEnv(server, (envVar) => `\${${envVar}}`);
+        return [
+          id,
+          {
+            type: "http",
+            url: server.url,
+            ...headers ? { headers } : {}
+          }
+        ];
+      }
+      return [
+        id,
+        {
+          command: server.command,
+          ...server.args ? { args: server.args } : {},
+          ...server.env ? { env: server.env } : {}
+        }
+      ];
+    }))
+  };
+}
+function toKimiMcpConfig(servers) {
+  return {
+    mcpServers: Object.fromEntries(Object.entries(servers).map(([id, server]) => [
       id,
-      {
-        command: [server.command, ...server.args ?? []],
-        enabled: true,
-        ...server.env ? { environment: server.env } : {},
-        type: "local"
+      isRemoteMcpServer(server) ? {
+        url: server.url,
+        ...server.headers ? { headers: server.headers } : {},
+        ...server.bearer_token_env_var ? { bearerTokenEnvVar: server.bearer_token_env_var } : {}
+      } : {
+        command: server.command,
+        ...server.args ? { args: server.args } : {},
+        ...server.env ? { env: server.env } : {}
       }
     ]))
   };
 }
+function toOpenCodeMcpConfig(servers) {
+  return {
+    mcp: Object.fromEntries(Object.entries(servers).map(([id, server]) => {
+      if (isRemoteMcpServer(server)) {
+        const headers = headersWithBearerTokenEnv(server, (envVar) => `{env:${envVar}}`);
+        return [
+          id,
+          {
+            enabled: true,
+            ...headers ? { headers } : {},
+            type: "remote",
+            url: server.url
+          }
+        ];
+      }
+      return [
+        id,
+        {
+          command: [server.command, ...server.args ?? []],
+          enabled: true,
+          ...server.env ? { environment: server.env } : {},
+          type: "local"
+        }
+      ];
+    }))
+  };
+}
 function codexMcpArgs(servers) {
-  return Object.entries(servers).flatMap(([id, server]) => [
-    "--config",
-    `mcp_servers.${id}.command=${tomlValue(server.command)}`,
-    ...server.args ? ["--config", `mcp_servers.${id}.args=${tomlValue(server.args)}`] : [],
-    ...server.env ? ["--config", `mcp_servers.${id}.env=${tomlValue(server.env)}`] : []
-  ]);
+  return Object.entries(servers).flatMap(([id, server]) => {
+    if (isRemoteMcpServer(server)) {
+      return [
+        "--config",
+        `mcp_servers.${id}.url=${tomlValue(server.url)}`,
+        ...server.headers ? [
+          "--config",
+          `mcp_servers.${id}.http_headers=${tomlValue(server.headers)}`
+        ] : [],
+        ...server.bearer_token_env_var ? [
+          "--config",
+          `mcp_servers.${id}.bearer_token_env_var=${tomlValue(server.bearer_token_env_var)}`
+        ] : []
+      ];
+    }
+    return [
+      "--config",
+      `mcp_servers.${id}.command=${tomlValue(server.command)}`,
+      ...server.args ? ["--config", `mcp_servers.${id}.args=${tomlValue(server.args)}`] : [],
+      ...server.env ? ["--config", `mcp_servers.${id}.env=${tomlValue(server.env)}`] : []
+    ];
+  });
 }
 function tomlValue(value) {
   if (Array.isArray(value)) {
     return `[${value.map(tomlValue).join(", ")}]`;
   }
   if (value && typeof value === "object") {
-    return `{ ${Object.entries(value).map(([key, item]) => `${key} = ${tomlValue(item)}`).join(", ")} }`;
+    return `{ ${Object.entries(value).map(([key, item]) => `${tomlKey(key)} = ${tomlValue(item)}`).join(", ")} }`;
   }
   return JSON.stringify(value);
 }
+function tomlKey(key) {
+  return TOML_BARE_KEY_PATTERN.test(key) ? key : JSON.stringify(key);
+}
 function nativeStrategy(config, input, runnerId) {
   const runner = config.runners[runnerId];
   const profile = input.profileId ? config.profiles[input.profileId] : undefined;

package/docs/config-architecture.md

@@ -108,12 +108,33 @@ receive explicit grants:
 
 - `rules`: named markdown rule files.
 - `skills`: named skill files.
-- `mcp_servers`: named MCP command definitions.
+- `mcp_servers`: named MCP server definitions. Servers may be local stdio
+  commands or remote streamable HTTP endpoints.
 - `tools`: allowed host tools only.
 - `filesystem`: read-only or workspace-write plus allow/deny paths.
 - `network`: inherited or disabled.
 - `output`: text, JSON, JSONL, or JSON Schema output.
 
+MCP servers support two strict shapes:
+
+```yaml
+mcp_servers:
+  docs:
+    command: npx
+    args: ["-y", "@example/docs-mcp"]
+    env:
+      DOCS_TOKEN: token
+  memory:
+    url: https://memory-mcp.momokaya.ee/mcp/
+    bearer_token_env_var: MEMORY_MCP_TOKEN
+    headers:
+      X-Memory-Region: eu
+```
+
+Exactly one of `command` or `url` is required. `args` and `env` apply only to
+command servers. `headers` and `bearer_token_env_var` apply only to URL
+servers.
+
 JSON Schema outputs are hard contracts. The runtime validates normalized agent
 output before the node can pass. Schema outputs also get a bounded repair pass
 by default:

package/package.json

@@ -73,7 +73,7 @@
     "prepack": "bun run build:cli"
   },
   "type": "module",
-  "version": "1.5.4",
+  "version": "1.5.5",
   "description": "",
   "main": "index.js",
   "keywords": [],