@ottocode/server 0.1.205 → 0.1.207

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@ottocode/server",
-	"version": "0.1.205",
+	"version": "0.1.207",
 	"description": "HTTP API server for ottocode",
 	"type": "module",
 	"main": "./src/index.ts",
@@ -49,8 +49,8 @@
 		"typecheck": "tsc --noEmit"
 	},
 	"dependencies": {
-		"@ottocode/sdk": "0.1.205",
-		"@ottocode/database": "0.1.205",
+		"@ottocode/sdk": "0.1.207",
+		"@ottocode/database": "0.1.207",
 		"drizzle-orm": "^0.44.5",
 		"hono": "^4.9.9",
 		"zod": "^4.1.8"

package/src/openapi/paths/git.ts

@@ -500,4 +500,139 @@ export const gitPaths = {
 			},
 		},
 	},
+	'/v1/git/remotes': {
+		get: {
+			tags: ['git'],
+			operationId: 'getGitRemotes',
+			summary: 'List git remotes',
+			parameters: [projectQueryParam()],
+			responses: {
+				200: {
+					description: 'OK',
+					content: {
+						'application/json': {
+							schema: {
+								type: 'object',
+								properties: {
+									status: { type: 'string', enum: ['ok'] },
+									data: {
+										type: 'object',
+										properties: {
+											remotes: {
+												type: 'array',
+												items: {
+													type: 'object',
+													properties: {
+														name: { type: 'string' },
+														url: { type: 'string' },
+														type: { type: 'string' },
+													},
+													required: ['name', 'url', 'type'],
+												},
+											},
+										},
+										required: ['remotes'],
+									},
+								},
+								required: ['status', 'data'],
+							},
+						},
+					},
+				},
+				400: gitErrorResponse(),
+				500: gitErrorResponse(),
+			},
+		},
+		post: {
+			tags: ['git'],
+			operationId: 'addGitRemote',
+			summary: 'Add a git remote',
+			requestBody: {
+				required: true,
+				content: {
+					'application/json': {
+						schema: {
+							type: 'object',
+							properties: {
+								project: { type: 'string' },
+								name: { type: 'string' },
+								url: { type: 'string' },
+							},
+							required: ['name', 'url'],
+						},
+					},
+				},
+			},
+			responses: {
+				200: {
+					description: 'OK',
+					content: {
+						'application/json': {
+							schema: {
+								type: 'object',
+								properties: {
+									status: { type: 'string', enum: ['ok'] },
+									data: {
+										type: 'object',
+										properties: {
+											name: { type: 'string' },
+											url: { type: 'string' },
+										},
+										required: ['name', 'url'],
+									},
+								},
+								required: ['status', 'data'],
+							},
+						},
+					},
+				},
+				400: gitErrorResponse(),
+				500: gitErrorResponse(),
+			},
+		},
+		delete: {
+			tags: ['git'],
+			operationId: 'removeGitRemote',
+			summary: 'Remove a git remote',
+			requestBody: {
+				required: true,
+				content: {
+					'application/json': {
+						schema: {
+							type: 'object',
+							properties: {
+								project: { type: 'string' },
+								name: { type: 'string' },
+							},
+							required: ['name'],
+						},
+					},
+				},
+			},
+			responses: {
+				200: {
+					description: 'OK',
+					content: {
+						'application/json': {
+							schema: {
+								type: 'object',
+								properties: {
+									status: { type: 'string', enum: ['ok'] },
+									data: {
+										type: 'object',
+										properties: {
+											removed: { type: 'string' },
+										},
+										required: ['removed'],
+									},
+								},
+								required: ['status', 'data'],
+							},
+						},
+					},
+				},
+				500: gitErrorResponse(),
+			},
+		},
+	},
 } as const;

package/src/openapi/schemas.ts

@@ -234,6 +234,11 @@ export const schemas = {
 			},
 			hasChanges: { type: 'boolean' },
 			hasConflicts: { type: 'boolean' },
+			hasUpstream: { type: 'boolean' },
+			remotes: {
+				type: 'array',
+				items: { type: 'string' },
+			},
 		},
 		required: [
 			'branch',
@@ -245,6 +250,8 @@ export const schemas = {
 			'conflicted',
 			'hasChanges',
 			'hasConflicts',
+			'hasUpstream',
+			'remotes',
 		],
 	},
 	GitFile: {

package/src/routes/files.ts

@@ -346,4 +346,45 @@ export function registerFilesRoutes(app: Hono) {
 			return c.json({ error: serializeError(err) }, 500);
 		}
 	});
+
+	app.get('/v1/files/raw', async (c) => {
+		try {
+			const projectRoot = c.req.query('project') || process.cwd();
+			const filePath = c.req.query('path');
+
+			if (!filePath) {
+				return c.json({ error: 'Missing required query parameter: path' }, 400);
+			}
+
+			const absPath = join(projectRoot, filePath);
+			if (!absPath.startsWith(projectRoot)) {
+				return c.json({ error: 'Path traversal not allowed' }, 403);
+			}
+
+			const ext = filePath.split('.').pop()?.toLowerCase() ?? '';
+			const mimeTypes: Record<string, string> = {
+				png: 'image/png',
+				jpg: 'image/jpeg',
+				jpeg: 'image/jpeg',
+				gif: 'image/gif',
+				svg: 'image/svg+xml',
+				webp: 'image/webp',
+				ico: 'image/x-icon',
+				bmp: 'image/bmp',
+				avif: 'image/avif',
+			};
+			const contentType = mimeTypes[ext] || 'application/octet-stream';
+
+			const data = await readFile(absPath);
+			return new Response(data, {
+				headers: {
+					'Content-Type': contentType,
+					'Cache-Control': 'no-cache',
+				},
+			});
+		} catch (err) {
+			logger.error('Files raw route error:', err);
+			return c.json({ error: serializeError(err) }, 500);
+		}
+	});
 }

package/src/routes/git/index.ts

@@ -7,6 +7,7 @@ import { registerCommitRoutes } from './commit.ts';
 import { registerPushRoute } from './push.ts';
 import { registerPullRoute } from './pull.ts';
 import { registerInitRoute } from './init.ts';
+import { registerRemoteRoutes } from './remote.ts';
 
 export type { GitFile } from './types.ts';
 
@@ -19,4 +20,5 @@ export function registerGitRoutes(app: Hono) {
 	registerPushRoute(app);
 	registerPullRoute(app);
 	registerInitRoute(app);
+	registerRemoteRoutes(app);
 }

package/src/routes/git/remote.ts

@@ -0,0 +1,121 @@
+import type { Hono } from 'hono';
+import { execFile } from 'node:child_process';
+import { promisify } from 'node:util';
+import { gitRemoteAddSchema, gitRemoteRemoveSchema } from './schemas.ts';
+import { validateAndGetGitRoot } from './utils.ts';
+
+const execFileAsync = promisify(execFile);
+
+export function registerRemoteRoutes(app: Hono) {
+	app.get('/v1/git/remotes', async (c) => {
+		try {
+			const project = c.req.query('project');
+			const requestedPath = project || process.cwd();
+
+			const validation = await validateAndGetGitRoot(requestedPath);
+			if ('error' in validation) {
+				return c.json(
+					{ status: 'error', error: validation.error, code: validation.code },
+					400,
+				);
+			}
+
+			const { gitRoot } = validation;
+
+			const { stdout } = await execFileAsync('git', ['remote', '-v'], {
+				cwd: gitRoot,
+			});
+
+			const remotes: { name: string; url: string; type: string }[] = [];
+			const seen = new Set<string>();
+			for (const line of stdout.trim().split('\n').filter(Boolean)) {
+				const match = line.match(/^(\S+)\s+(\S+)\s+\((\w+)\)$/);
+				if (match) {
+					const key = `${match[1]}:${match[3]}`;
+					if (!seen.has(key)) {
+						seen.add(key);
+						remotes.push({
+							name: match[1],
+							url: match[2],
+							type: match[3],
+						});
+					}
+				}
+			}
+
+			return c.json({ status: 'ok', data: { remotes } });
+		} catch (error) {
+			return c.json(
+				{
+					status: 'error',
+					error:
+						error instanceof Error ? error.message : 'Failed to list remotes',
+				},
+				500,
+			);
+		}
+	});
+
+	app.post('/v1/git/remotes', async (c) => {
+		try {
+			const body = await c.req.json().catch(() => ({}));
+			const { project, name, url } = gitRemoteAddSchema.parse(body);
+			const requestedPath = project || process.cwd();
+
+			const validation = await validateAndGetGitRoot(requestedPath);
+			if ('error' in validation) {
+				return c.json(
+					{ status: 'error', error: validation.error, code: validation.code },
+					400,
+				);
+			}
+
+			const { gitRoot } = validation;
+
+			await execFileAsync('git', ['remote', 'add', name, url], {
+				cwd: gitRoot,
+			});
+
+			return c.json({
+				status: 'ok',
+				data: { name, url },
+			});
+		} catch (error) {
+			const message =
+				error instanceof Error ? error.message : 'Failed to add remote';
+			const status = message.includes('already exists') ? 400 : 500;
+			return c.json({ status: 'error', error: message }, status);
+		}
+	});
+
+	app.delete('/v1/git/remotes', async (c) => {
+		try {
+			const body = await c.req.json().catch(() => ({}));
+			const { project, name } = gitRemoteRemoveSchema.parse(body);
+			const requestedPath = project || process.cwd();
+
+			const validation = await validateAndGetGitRoot(requestedPath);
+			if ('error' in validation) {
+				return c.json(
+					{ status: 'error', error: validation.error, code: validation.code },
+					400,
+				);
+			}
+
+			const { gitRoot } = validation;
+
+			await execFileAsync('git', ['remote', 'remove', name], {
+				cwd: gitRoot,
+			});
+
+			return c.json({
+				status: 'ok',
+				data: { removed: name },
+			});
+		} catch (error) {
+			const message =
+				error instanceof Error ? error.message : 'Failed to remove remote';
+			return c.json({ status: 'error', error: message }, 500);
+		}
+	});
+}

package/src/routes/git/schemas.ts

@@ -50,3 +50,14 @@ export const gitPushSchema = z.object({
 export const gitPullSchema = z.object({
 	project: z.string().optional(),
 });
+
+export const gitRemoteAddSchema = z.object({
+	project: z.string().optional(),
+	name: z.string().min(1),
+	url: z.string().min(1),
+});
+
+export const gitRemoteRemoveSchema = z.object({
+	project: z.string().optional(),
+	name: z.string().min(1),
+});

package/src/routes/git/status.ts

@@ -45,6 +45,26 @@ export function registerStatusRoute(app: Hono) {
 
 			const branch = await getCurrentBranch(gitRoot);
 
+			let hasUpstream = false;
+			try {
+				await execFileAsync(
+					'git',
+					['rev-parse', '--abbrev-ref', '@{upstream}'],
+					{ cwd: gitRoot },
+				);
+				hasUpstream = true;
+			} catch {}
+
+			let remotes: string[] = [];
+			try {
+				const { stdout: remotesOutput } = await execFileAsync(
+					'git',
+					['remote'],
+					{ cwd: gitRoot },
+				);
+				remotes = remotesOutput.trim().split('\n').filter(Boolean);
+			} catch {}
+
 			const hasChanges =
 				staged.length > 0 ||
 				unstaged.length > 0 ||
@@ -59,6 +79,8 @@ export function registerStatusRoute(app: Hono) {
 					branch,
 					ahead,
 					behind,
+					hasUpstream,
+					remotes,
 					gitRoot,
 					workingDir: requestedPath,
 					staged,

package/src/routes/mcp.ts

@@ -8,6 +8,39 @@ import {
 	addMCPServerToConfig,
 	removeMCPServerFromConfig,
 } from '@ottocode/sdk';
+import {
+	authorizeCopilot,
+	pollForCopilotTokenOnce,
+	getAuth,
+	setAuth,
+} from '@ottocode/sdk';
+
+const GITHUB_COPILOT_HOSTS = [
+	'api.githubcopilot.com',
+	'copilot-proxy.githubusercontent.com',
+];
+
+function isGitHubCopilotUrl(url?: string): boolean {
+	if (!url) return false;
+	try {
+		const parsed = new URL(url);
+		return GITHUB_COPILOT_HOSTS.some(
+			(h) => parsed.hostname === h || parsed.hostname.endsWith(`.${h}`),
+		);
+	} catch {
+		return false;
+	}
+}
+
+const copilotMCPSessions = new Map<
+	string,
+	{
+		deviceCode: string;
+		interval: number;
+		serverName: string;
+		createdAt: number;
+	}
+>();
 
 export function registerMCPRoutes(app: Hono) {
 	app.get('/v1/mcp/servers', async (c) => {
@@ -30,6 +63,7 @@ export function registerMCPRoutes(app: Hono) {
 				authRequired: status?.authRequired ?? false,
 				authenticated: status?.authenticated ?? false,
 				scope: s.scope ?? 'global',
+				...(isGitHubCopilotUrl(s.url) ? { authType: 'copilot-device' } : {}),
 			};
 		});
 
@@ -104,6 +138,10 @@ export function registerMCPRoutes(app: Hono) {
 		try {
 			const manager = getMCPManager();
 			if (manager) {
+				const config = await loadMCPConfig(projectRoot, getGlobalConfigDir());
+				const serverConfig = config.servers.find((s) => s.name === name);
+				const scope = serverConfig?.scope ?? 'global';
+				await manager.clearAuthData(name, scope, projectRoot);
 				await manager.stopServer(name);
 			}
 
@@ -144,6 +182,37 @@ export function registerMCPRoutes(app: Hono) {
 			const status = (await manager.getStatusAsync()).find(
 				(s) => s.name === name,
 			);
+
+			if (isGitHubCopilotUrl(serverConfig.url) && !status?.connected) {
+				const MCP_SCOPES =
+					'repo read:org read:packages gist notifications read:project security_events';
+				const existingAuth = await getAuth('copilot');
+				const hasMCPScopes =
+					existingAuth?.type === 'oauth' && existingAuth.scopes === MCP_SCOPES;
+
+				if (!existingAuth || existingAuth.type !== 'oauth' || !hasMCPScopes) {
+					const deviceData = await authorizeCopilot({ mcp: true });
+					const sessionId = crypto.randomUUID();
+					copilotMCPSessions.set(sessionId, {
+						deviceCode: deviceData.deviceCode,
+						interval: deviceData.interval,
+						serverName: name,
+						createdAt: Date.now(),
+					});
+					return c.json({
+						ok: true,
+						name,
+						connected: false,
+						authRequired: true,
+						authType: 'copilot-device',
+						sessionId,
+						userCode: deviceData.userCode,
+						verificationUri: deviceData.verificationUri,
+						interval: deviceData.interval,
+					});
+				}
+			}
+
 			return c.json({
 				ok: true,
 				name,
@@ -185,6 +254,48 @@ export function registerMCPRoutes(app: Hono) {
 			return c.json({ ok: false, error: `Server "${name}" not found` }, 404);
 		}
 
+		if (isGitHubCopilotUrl(serverConfig.url)) {
+			try {
+				const MCP_SCOPES =
+					'repo read:org read:packages gist notifications read:project security_events';
+				const existingAuth = await getAuth('copilot');
+				if (
+					existingAuth?.type === 'oauth' &&
+					existingAuth.refresh &&
+					existingAuth.scopes === MCP_SCOPES
+				) {
+					return c.json({
+						ok: true,
+						name,
+						authType: 'copilot-device',
+						authenticated: true,
+						message: 'Already authenticated with MCP scopes',
+					});
+				}
+
+				const deviceData = await authorizeCopilot({ mcp: true });
+				const sessionId = crypto.randomUUID();
+				copilotMCPSessions.set(sessionId, {
+					deviceCode: deviceData.deviceCode,
+					interval: deviceData.interval,
+					serverName: name,
+					createdAt: Date.now(),
+				});
+				return c.json({
+					ok: true,
+					name,
+					authType: 'copilot-device',
+					sessionId,
+					userCode: deviceData.userCode,
+					verificationUri: deviceData.verificationUri,
+					interval: deviceData.interval,
+				});
+			} catch (err) {
+				const msg = err instanceof Error ? err.message : String(err);
+				return c.json({ ok: false, error: msg }, 500);
+			}
+		}
+
 		try {
 			let manager = getMCPManager();
 			if (!manager) {
@@ -212,7 +323,66 @@ export function registerMCPRoutes(app: Hono) {
 	app.post('/v1/mcp/servers/:name/auth/callback', async (c) => {
 		const name = c.req.param('name');
 		const body = await c.req.json();
-		const { code } = body;
+		const { code, sessionId } = body;
+
+		if (sessionId) {
+			const session = copilotMCPSessions.get(sessionId);
+			if (!session || session.serverName !== name) {
+				return c.json({ ok: false, error: 'Session expired or invalid' }, 400);
+			}
+			try {
+				const result = await pollForCopilotTokenOnce(session.deviceCode);
+				if (result.status === 'complete') {
+					copilotMCPSessions.delete(sessionId);
+					await setAuth(
+						'copilot',
+						{
+							type: 'oauth',
+							refresh: result.accessToken,
+							access: result.accessToken,
+							expires: 0,
+							scopes:
+								'repo read:org read:packages gist notifications read:project security_events',
+						},
+						undefined,
+						'global',
+					);
+					const projectRoot = process.cwd();
+					const config = await loadMCPConfig(projectRoot, getGlobalConfigDir());
+					const serverConfig = config.servers.find((s) => s.name === name);
+					let mcpMgr = getMCPManager();
+					if (serverConfig) {
+						if (!mcpMgr) {
+							mcpMgr = await initializeMCP({ servers: [] }, projectRoot);
+						}
+						await mcpMgr.restartServer(serverConfig);
+					}
+					mcpMgr = getMCPManager();
+					const status = mcpMgr
+						? (await mcpMgr.getStatusAsync()).find((s) => s.name === name)
+						: undefined;
+					return c.json({
+						ok: true,
+						status: 'complete',
+						name,
+						connected: status?.connected ?? false,
+						tools: status?.tools ?? [],
+					});
+				}
+				if (result.status === 'pending') {
+					return c.json({ ok: true, status: 'pending' });
+				}
+				copilotMCPSessions.delete(sessionId);
+				return c.json({
+					ok: false,
+					status: 'error',
+					error: result.status === 'error' ? result.error : 'Unknown error',
+				});
+			} catch (err) {
+				const msg = err instanceof Error ? err.message : String(err);
+				return c.json({ ok: false, error: msg }, 500);
+			}
+		}
 
 		if (!code) {
 			return c.json({ ok: false, error: 'code is required' }, 400);
@@ -245,8 +415,21 @@ export function registerMCPRoutes(app: Hono) {
 
 	app.get('/v1/mcp/servers/:name/auth/status', async (c) => {
 		const name = c.req.param('name');
-		const manager = getMCPManager();
+		const projectRoot = process.cwd();
+		const config = await loadMCPConfig(projectRoot, getGlobalConfigDir());
+		const serverConfig = config.servers.find((s) => s.name === name);
+
+		if (serverConfig && isGitHubCopilotUrl(serverConfig.url)) {
+			try {
+				const auth = await getAuth('copilot');
+				const authenticated = auth?.type === 'oauth' && !!auth.refresh;
+				return c.json({ authenticated, authType: 'copilot-device' });
+			} catch {
+				return c.json({ authenticated: false, authType: 'copilot-device' });
+			}
+		}
 
+		const manager = getMCPManager();
 		if (!manager) {
 			return c.json({ authenticated: false });
 		}
@@ -261,8 +444,26 @@ export function registerMCPRoutes(app: Hono) {
 
 	app.delete('/v1/mcp/servers/:name/auth', async (c) => {
 		const name = c.req.param('name');
-		const manager = getMCPManager();
+		const projectRoot = process.cwd();
+		const config = await loadMCPConfig(projectRoot, getGlobalConfigDir());
+		const serverConfig = config.servers.find((s) => s.name === name);
 
+		if (serverConfig && isGitHubCopilotUrl(serverConfig.url)) {
+			try {
+				const { removeAuth } = await import('@ottocode/sdk');
+				await removeAuth('copilot');
+				const manager = getMCPManager();
+				if (manager) {
+					await manager.stopServer(name);
+				}
+				return c.json({ ok: true, name });
+			} catch (err) {
+				const msg = err instanceof Error ? err.message : String(err);
+				return c.json({ ok: false, error: msg }, 500);
+			}
+		}
+
+		const manager = getMCPManager();
 		if (!manager) {
 			return c.json({ ok: false, error: 'No MCP manager active' }, 400);
 		}

package/src/runtime/agent/mcp-prepare-step.ts

@@ -0,0 +1,69 @@
+import type { Tool } from 'ai';
+import { debugLog } from '../debug/index.ts';
+
+export interface MCPPrepareStepState {
+	mcpToolsRecord: Record<string, Tool>;
+	loadedMCPTools: Set<string>;
+	baseToolNames: string[];
+	canonicalToRegistration: Record<string, string>;
+	loadToolRegistrationName: string;
+}
+
+export function createMCPPrepareStepState(
+	mcpToolsRecord: Record<string, Tool>,
+	baseToolNames: string[],
+	canonicalToRegistration: Record<string, string>,
+	loadToolRegistrationName: string,
+): MCPPrepareStepState {
+	return {
+		mcpToolsRecord,
+		loadedMCPTools: new Set(),
+		baseToolNames,
+		canonicalToRegistration,
+		loadToolRegistrationName,
+	};
+}
+
+export function buildPrepareStep(state: MCPPrepareStepState) {
+	return async ({
+		stepNumber,
+		steps,
+	}: {
+		stepNumber: number;
+		steps: unknown[];
+	}) => {
+		const previousSteps = steps as Array<{
+			toolCalls?: Array<{ toolName: string; input: unknown }>;
+			toolResults?: Array<{ toolName: string; output: unknown }>;
+		}>;
+
+		for (const step of previousSteps) {
+			if (!step.toolCalls) continue;
+			for (const call of step.toolCalls) {
+				if (call.toolName !== state.loadToolRegistrationName) continue;
+				const result = (step.toolResults ?? []).find(
+					(r) => r.toolName === state.loadToolRegistrationName,
+				);
+				const output = result?.output as { loaded?: string[] } | undefined;
+				if (!output?.loaded) continue;
+				for (const canonicalName of output.loaded) {
+					const regName =
+						state.canonicalToRegistration[canonicalName] ?? canonicalName;
+					if (!state.loadedMCPTools.has(regName)) {
+						state.loadedMCPTools.add(regName);
+					}
+				}
+			}
+		}
+
+		const activeTools = [...state.baseToolNames, ...state.loadedMCPTools];
+
+		if (state.loadedMCPTools.size > 0) {
+			debugLog(
+				`[MCP prepareStep] step=${stepNumber}, active MCP tools: ${[...state.loadedMCPTools].join(', ')}`,
+			);
+		}
+
+		return { activeTools };
+	};
+}

package/src/runtime/agent/runner-setup.ts

@@ -8,6 +8,7 @@ import { resolveModel } from '../provider/index.ts';
 import { resolveAgentConfig } from './registry.ts';
 import { composeSystemPrompt } from '../prompt/builder.ts';
 import { discoverProjectTools } from '@ottocode/sdk';
+import type { Tool } from 'ai';
 import { adaptTools } from '../../tools/adapter.ts';
 import { buildDatabaseTools } from '../../tools/database/index.ts';
 import { debugLog, time, isDebugEnabled } from '../debug/index.ts';
@@ -39,6 +40,7 @@ export interface SetupResult {
 	providerOptions: Record<string, unknown>;
 	needsSpoof: boolean;
 	isOpenAIOAuth: boolean;
+	mcpToolsRecord: Record<string, Tool>;
 }
 
 const THINKING_BUDGET = 16000;
@@ -143,7 +145,9 @@ export async function setupRunner(opts: RunOpts): Promise<SetupResult> {
 	}
 
 	const toolsTimer = time('runner:discoverTools');
-	const allTools = await discoverProjectTools(cfg.projectRoot);
+	const discovered = await discoverProjectTools(cfg.projectRoot);
+	const allTools = discovered.tools;
+	const { mcpToolsRecord } = discovered;
 
 	if (opts.agent === 'research') {
 		const currentSession = sessionRows[0];
@@ -151,19 +155,23 @@ export async function setupRunner(opts: RunOpts): Promise<SetupResult> {
 
 		const dbTools = buildDatabaseTools(cfg.projectRoot, parentSessionId);
 		for (const dt of dbTools) {
-			allTools.push(dt);
+			discovered.tools.push(dt);
 		}
 		debugLog(
 			`[tools] Added ${dbTools.length} database tools for research agent (parent: ${parentSessionId ?? 'none'})`,
 		);
 	}
 
-	toolsTimer.end({ count: allTools.length });
+	toolsTimer.end({
+		count: allTools.length + Object.keys(mcpToolsRecord).length,
+	});
 	const allowedNames = new Set([...(agentCfg.tools || []), 'finish']);
 	const gated = allTools.filter(
-		(tool) => allowedNames.has(tool.name) || tool.name.includes('__'),
+		(tool) => allowedNames.has(tool.name) || tool.name === 'load_mcp_tools',
+	);
+	debugLog(
+		`[tools] ${gated.length} gated tools, ${Object.keys(mcpToolsRecord).length} lazy MCP tools`,
 	);
-	debugLog(`[tools] ${gated.length} allowed tools (including MCP)`);
 
 	debugLog(`[RUNNER] About to create model with provider: ${opts.provider}`);
 	debugLog(`[RUNNER] About to create model ID: ${opts.model}`);
@@ -249,6 +257,7 @@ export async function setupRunner(opts: RunOpts): Promise<SetupResult> {
 		providerOptions,
 		needsSpoof: oauth.needsSpoof,
 		isOpenAIOAuth: oauth.isOpenAIOAuth,
+		mcpToolsRecord,
 	};
 }
 

package/src/runtime/agent/runner.ts

@@ -26,6 +26,11 @@ import {
 import { pruneSession } from '../message/compaction.ts';
 import { triggerDeferredTitleGeneration } from '../message/service.ts';
 import { setupRunner } from './runner-setup.ts';
+import {
+	createMCPPrepareStepState,
+	buildPrepareStep,
+} from './mcp-prepare-step.ts';
+import { adaptTools as adaptToolsFn } from '../../tools/adapter.ts';
 import {
 	type ReasoningState,
 	handleReasoningStart,
@@ -83,13 +88,54 @@ async function runAssistant(opts: RunOpts) {
 		additionalSystemMessages,
 		model,
 		effectiveMaxOutputTokens,
-		toolset,
 		sharedCtx,
 		firstToolTimer,
 		firstToolSeen,
 		providerOptions,
 		isOpenAIOAuth,
+		mcpToolsRecord,
 	} = setup;
+	let { toolset } = setup;
+
+	const hasMCPTools = Object.keys(mcpToolsRecord).length > 0;
+	let prepareStep: ReturnType<typeof buildPrepareStep> | undefined;
+
+	if (hasMCPTools) {
+		const baseToolNames = Object.keys(toolset);
+		const { getAuth: getAuthFn } = await import('@ottocode/sdk');
+		const providerAuth = await getAuthFn(opts.provider, cfg.projectRoot);
+		const adaptedMCP = adaptToolsFn(
+			Object.entries(mcpToolsRecord).map(([name, tool]) => ({ name, tool })),
+			sharedCtx,
+			opts.provider,
+			providerAuth?.type,
+		);
+		toolset = { ...toolset, ...adaptedMCP };
+		const canonicalToRegistration: Record<string, string> = {};
+		for (const canonical of Object.keys(mcpToolsRecord)) {
+			const regKeys = Object.keys(adaptedMCP);
+			const regName = regKeys.find(
+				(k) =>
+					k === canonical ||
+					k.toLowerCase().replace(/_/g, '') ===
+						canonical.toLowerCase().replace(/_/g, ''),
+			);
+			canonicalToRegistration[canonical] = regName ?? canonical;
+		}
+		const loadToolRegName =
+			Object.keys(toolset).find(
+				(k) =>
+					k === 'load_mcp_tools' ||
+					k.toLowerCase().replace(/_/g, '') === 'loadmcptools',
+			) ?? 'load_mcp_tools';
+		const mcpState = createMCPPrepareStepState(
+			mcpToolsRecord,
+			baseToolNames,
+			canonicalToRegistration,
+			loadToolRegName,
+		);
+		prepareStep = buildPrepareStep(mcpState);
+	}
 
 	const isFirstMessage = !history.some((m) => m.role === 'assistant');
 
@@ -213,6 +259,7 @@ async function runAssistant(opts: RunOpts) {
 			...(Object.keys(providerOptions).length > 0 ? { providerOptions } : {}),
 			abortSignal: opts.abortSignal,
 			stopWhen: stopWhenCondition,
+			...(prepareStep ? { prepareStep } : {}),
 			// biome-ignore lint/suspicious/noExplicitAny: AI SDK callback types mismatch
 			onStepFinish: onStepFinish as any,
 			// biome-ignore lint/suspicious/noExplicitAny: AI SDK callback types mismatch

package/src/runtime/message/tool-history-tracker.ts

@@ -80,6 +80,9 @@ function describeToolResult(info: ToolResultInfo): TargetDescriptor | null {
 		case 'multiedit':
 			return describeEdit(info);
 		default:
+			if (toolName.includes('__')) {
+				return describeMcpTool(info);
+			}
 			return null;
 	}
 }
@@ -215,3 +218,54 @@ function describeEdit(info: ToolResultInfo): TargetDescriptor | null {
 	const summary = `[previous edit] ${normalized}`;
 	return { keys: [key], summary };
 }
+
+function describeMcpTool(info: ToolResultInfo): TargetDescriptor | null {
+	const { toolName } = info;
+	const result = getRecord(info.result);
+	const args = getRecord(info.args);
+
+	const hasImages =
+		result && Array.isArray(result.images) && result.images.length > 0;
+	const resultStr =
+		result && typeof result.result === 'string' ? result.result : null;
+	const estimatedSize = hasImages
+		? estimateBase64Size(result.images as Array<{ data: string }>)
+		: resultStr
+			? resultStr.length
+			: 0;
+
+	if (estimatedSize < 2000 && !hasImages) return null;
+
+	const argsHint = args
+		? Object.entries(args)
+				.slice(0, 3)
+				.map(([k, v]) => {
+					const val =
+						typeof v === 'string'
+							? v.length > 30
+								? `${v.slice(0, 27)}…`
+								: v
+							: JSON.stringify(v);
+					return `${k}=${val}`;
+				})
+				.join(' ')
+		: '';
+
+	const sizeLabel = hasImages
+		? `${(result.images as unknown[]).length} image(s), ~${Math.round(estimatedSize / 1024)}KB`
+		: `~${Math.round(estimatedSize / 1024)}KB`;
+
+	const key = `mcp:${toolName}`;
+	const summary = `[previous MCP call] ${toolName}${argsHint ? ` (${argsHint})` : ''} → ${sizeLabel}`;
+	return { keys: [key], summary };
+}
+
+function estimateBase64Size(images: Array<{ data: string }>): number {
+	let total = 0;
+	for (const img of images) {
+		if (typeof img.data === 'string') {
+			total += Math.floor(img.data.length * 0.75);
+		}
+	}
+	return total;
+}