@poncho-ai/harness 0.33.1 → 0.34.0

package/.turbo/turbo-build.log

@@ -1,5 +1,5 @@
 
-> @poncho-ai/harness@0.33.1 build /home/runner/work/poncho-ai/poncho-ai/packages/harness
+> @poncho-ai/harness@0.34.0 build /home/runner/work/poncho-ai/poncho-ai/packages/harness
 > node scripts/embed-docs.js && tsup src/index.ts --format esm --dts
 
 [embed-docs] Generated poncho-docs.ts with 4 topics
@@ -8,8 +8,8 @@
 CLI tsup v8.5.1
 CLI Target: es2022
 ESM Build start
-ESM dist/index.js 335.08 KB
-ESM ⚡️ Build success in 167ms
+ESM dist/index.js 336.31 KB
+ESM ⚡️ Build success in 164ms
 DTS Build start
-DTS ⚡️ Build success in 7028ms
-DTS dist/index.d.ts 33.55 KB
+DTS ⚡️ Build success in 7760ms
+DTS dist/index.d.ts 33.99 KB

package/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @poncho-ai/harness
 
+## 0.34.0
+
+### Minor Changes
+
+- [`3f096f2`](https://github.com/cesr/poncho-ai/commit/3f096f28b9ab797b52f1b725778976929156cce9) Thanks [@cesr](https://github.com/cesr)! - fix: scope MCP tools to skills via server-level claiming
+
+  MCP tools from configured servers are now globally available by default. When a skill claims any tool from a server via `allowed-tools`, the entire server becomes skill-managed — its tools are only available when the claiming skill is active (or declared in AGENT.md `allowed-tools`).
+
 ## 0.33.1
 
 ### Patch Changes

package/dist/index.d.ts

@@ -759,6 +759,14 @@ declare class AgentHarness {
     private getAgentScriptIntent;
     private getAgentMcpApprovalPatterns;
     private getAgentScriptApprovalPatterns;
+    /**
+     * Return the set of MCP server names that have at least one tool claimed by
+     * any loaded skill's `allowedTools.mcp`.  When ANY skill claims tools from a
+     * server, the entire server is considered "skill-managed" — none of its tools
+     * are auto-exposed globally; only explicitly declared tools become available
+     * (via agent-level allowed-tools or active skill allowed-tools).
+     */
+    private getSkillManagedMcpServers;
     private getRequestedMcpPatterns;
     private getRequestedScriptPatterns;
     private getRequestedMcpApprovalPatterns;

package/dist/index.js

@@ -882,6 +882,7 @@ Connect your Poncho agent to messaging platforms so it responds to @mentions.
 1. Go to [api.slack.com/apps](https://api.slack.com/apps) and create a new app "From scratch"
 2. Under **OAuth & Permissions**, add these Bot Token Scopes:
    - \`app_mentions:read\`
+   - \`channels:history\` (needed to fetch thread context when mentioned in a reply)
    - \`chat:write\`
    - \`reactions:write\`
 3. Under **Event Subscriptions**, enable events:
@@ -6301,6 +6302,25 @@ var AgentHarness = class _AgentHarness {
   getAgentScriptApprovalPatterns() {
     return this.parsedAgent?.frontmatter.approvalRequired?.scripts ?? [];
   }
+  /**
+   * Return the set of MCP server names that have at least one tool claimed by
+   * any loaded skill's `allowedTools.mcp`.  When ANY skill claims tools from a
+   * server, the entire server is considered "skill-managed" — none of its tools
+   * are auto-exposed globally; only explicitly declared tools become available
+   * (via agent-level allowed-tools or active skill allowed-tools).
+   */
+  getSkillManagedMcpServers() {
+    const servers = /* @__PURE__ */ new Set();
+    for (const skill of this.loadedSkills) {
+      for (const pattern of skill.allowedTools.mcp) {
+        const slash = pattern.indexOf("/");
+        if (slash > 0) {
+          servers.add(pattern.slice(0, slash));
+        }
+      }
+    }
+    return servers;
+  }
   getRequestedMcpPatterns() {
     const patterns = new Set(this.getAgentMcpIntent());
     for (const skillName of this.activeSkillNames) {
@@ -6312,6 +6332,17 @@ var AgentHarness = class _AgentHarness {
         patterns.add(pattern);
       }
     }
+    if (this.mcpBridge) {
+      const managedServers = this.getSkillManagedMcpServers();
+      const discoveredTools = this.mcpBridge.listDiscoveredTools();
+      for (const toolName of discoveredTools) {
+        const slash = toolName.indexOf("/");
+        const serverName = slash > 0 ? toolName.slice(0, slash) : toolName;
+        if (!managedServers.has(serverName)) {
+          patterns.add(toolName);
+        }
+      }
+    }
     return [...patterns];
   }
   getRequestedScriptPatterns() {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@poncho-ai/harness",
-  "version": "0.33.1",
+  "version": "0.34.0",
   "description": "Agent execution runtime - conversation loop, tool dispatch, streaming",
   "repository": {
     "type": "git",

package/src/harness.ts

@@ -995,8 +995,30 @@ export class AgentHarness {
     return this.parsedAgent?.frontmatter.approvalRequired?.scripts ?? [];
   }
 
+  /**
+   * Return the set of MCP server names that have at least one tool claimed by
+   * any loaded skill's `allowedTools.mcp`.  When ANY skill claims tools from a
+   * server, the entire server is considered "skill-managed" — none of its tools
+   * are auto-exposed globally; only explicitly declared tools become available
+   * (via agent-level allowed-tools or active skill allowed-tools).
+   */
+  private getSkillManagedMcpServers(): Set<string> {
+    const servers = new Set<string>();
+    for (const skill of this.loadedSkills) {
+      for (const pattern of skill.allowedTools.mcp) {
+        const slash = pattern.indexOf("/");
+        if (slash > 0) {
+          servers.add(pattern.slice(0, slash));
+        }
+      }
+    }
+    return servers;
+  }
+
   private getRequestedMcpPatterns(): string[] {
     const patterns = new Set<string>(this.getAgentMcpIntent());
+
+    // Add patterns from active skills.
     for (const skillName of this.activeSkillNames) {
       const skill = this.loadedSkills.find((entry) => entry.name === skillName);
       if (!skill) {
@@ -1006,6 +1028,26 @@ export class AgentHarness {
         patterns.add(pattern);
       }
     }
+
+    // MCP servers whose tools are NOT claimed by any skill are "unmanaged" —
+    // all their discovered tools are globally available so that configuring a
+    // server in poncho.config.js makes its tools accessible by default.
+    //
+    // Once ANY skill claims tools from a server (even a single tool), that
+    // server becomes "skill-managed" and ALL of its tools require explicit
+    // declaration (agent-level or active-skill) to be available.
+    if (this.mcpBridge) {
+      const managedServers = this.getSkillManagedMcpServers();
+      const discoveredTools = this.mcpBridge.listDiscoveredTools();
+      for (const toolName of discoveredTools) {
+        const slash = toolName.indexOf("/");
+        const serverName = slash > 0 ? toolName.slice(0, slash) : toolName;
+        if (!managedServers.has(serverName)) {
+          patterns.add(toolName);
+        }
+      }
+    }
+
     return [...patterns];
   }
 

package/test/harness.test.ts

@@ -1037,6 +1037,360 @@ allowed-tools:
     await new Promise<void>((resolveClose) => mcpServer.close(() => resolveClose()));
   });
 
+  it("unclaimed MCP tools are globally available without allowed-tools declaration", async () => {
+    process.env.LINEAR_TOKEN = "token-123";
+    const mcpServer = createServer(async (req, res) => {
+      if (req.method === "DELETE") {
+        res.statusCode = 200;
+        res.end();
+        return;
+      }
+      const chunks: Buffer[] = [];
+      for await (const chunk of req) chunks.push(Buffer.from(chunk));
+      const body = Buffer.concat(chunks).toString("utf8");
+      const payload = body.trim().length > 0 ? (JSON.parse(body) as any) : {};
+      if (payload.method === "initialize") {
+        res.setHeader("Content-Type", "application/json");
+        res.setHeader("Mcp-Session-Id", "sess");
+        res.end(
+          JSON.stringify({
+            jsonrpc: "2.0",
+            id: payload.id,
+            result: {
+              protocolVersion: "2025-03-26",
+              capabilities: { tools: { listChanged: true } },
+              serverInfo: { name: "remote", version: "1.0.0" },
+            },
+          }),
+        );
+        return;
+      }
+      if (payload.method === "notifications/initialized") {
+        res.statusCode = 202;
+        res.end();
+        return;
+      }
+      if (payload.method === "tools/list") {
+        res.setHeader("Content-Type", "application/json");
+        res.end(
+          JSON.stringify({
+            jsonrpc: "2.0",
+            id: payload.id,
+            result: {
+              tools: [
+                { name: "list_issues", inputSchema: { type: "object", properties: {} } },
+                { name: "save_issue", inputSchema: { type: "object", properties: {} } },
+              ],
+            },
+          }),
+        );
+        return;
+      }
+      res.statusCode = 404;
+      res.end();
+    });
+    await new Promise<void>((resolveOpen) => mcpServer.listen(0, () => resolveOpen()));
+    const address = mcpServer.address();
+    if (!address || typeof address === "string") throw new Error("Unexpected address");
+    const dir = await mkdtemp(join(tmpdir(), "poncho-harness-unclaimed-mcp-"));
+    // AGENT.md with no allowed-tools and no skills — MCP tools should be globally available
+    await writeFile(
+      join(dir, "AGENT.md"),
+      `---
+name: unclaimed-mcp-agent
+model:
+  provider: anthropic
+  name: claude-opus-4-5
+---
+
+# Agent with unclaimed MCP tools
+`,
+      "utf8",
+    );
+    await writeFile(
+      join(dir, "poncho.config.js"),
+      `export default {
+  mcp: [
+    {
+      name: "linear",
+      url: "http://127.0.0.1:${address.port}/mcp",
+      auth: { type: "bearer", tokenEnv: "LINEAR_TOKEN" }
+    }
+  ]
+};
+`,
+      "utf8",
+    );
+    const harness = new AgentHarness({ workingDir: dir });
+    await harness.initialize();
+    const toolNames = () => harness.listTools().map((t) => t.name);
+    // Unclaimed tools should be globally available
+    expect(toolNames()).toContain("linear/list_issues");
+    expect(toolNames()).toContain("linear/save_issue");
+    await harness.shutdown();
+    await new Promise<void>((resolveClose) => mcpServer.close(() => resolveClose()));
+  });
+
+  it("claiming any tool from a server scopes the entire server", async () => {
+    process.env.LINEAR_TOKEN = "token-123";
+    const mcpServer = createServer(async (req, res) => {
+      if (req.method === "DELETE") {
+        res.statusCode = 200;
+        res.end();
+        return;
+      }
+      const chunks: Buffer[] = [];
+      for await (const chunk of req) chunks.push(Buffer.from(chunk));
+      const body = Buffer.concat(chunks).toString("utf8");
+      const payload = body.trim().length > 0 ? (JSON.parse(body) as any) : {};
+      if (payload.method === "initialize") {
+        res.setHeader("Content-Type", "application/json");
+        res.setHeader("Mcp-Session-Id", "sess");
+        res.end(
+          JSON.stringify({
+            jsonrpc: "2.0",
+            id: payload.id,
+            result: {
+              protocolVersion: "2025-03-26",
+              capabilities: { tools: { listChanged: true } },
+              serverInfo: { name: "remote", version: "1.0.0" },
+            },
+          }),
+        );
+        return;
+      }
+      if (payload.method === "notifications/initialized") {
+        res.statusCode = 202;
+        res.end();
+        return;
+      }
+      if (payload.method === "tools/list") {
+        res.setHeader("Content-Type", "application/json");
+        res.end(
+          JSON.stringify({
+            jsonrpc: "2.0",
+            id: payload.id,
+            result: {
+              tools: [
+                { name: "list_issues", inputSchema: { type: "object", properties: {} } },
+                { name: "save_issue", inputSchema: { type: "object", properties: {} } },
+                { name: "other_tool", inputSchema: { type: "object", properties: {} } },
+              ],
+            },
+          }),
+        );
+        return;
+      }
+      if (payload.method === "tools/call") {
+        res.setHeader("Content-Type", "application/json");
+        res.end(
+          JSON.stringify({
+            jsonrpc: "2.0",
+            id: payload.id,
+            result: { result: { ok: true } },
+          }),
+        );
+        return;
+      }
+      res.statusCode = 404;
+      res.end();
+    });
+    await new Promise<void>((resolveOpen) => mcpServer.listen(0, () => resolveOpen()));
+    const address = mcpServer.address();
+    if (!address || typeof address === "string") throw new Error("Unexpected address");
+    const dir = await mkdtemp(join(tmpdir(), "poncho-harness-server-scoped-"));
+    await writeFile(
+      join(dir, "AGENT.md"),
+      `---
+name: server-scoped-agent
+model:
+  provider: anthropic
+  name: claude-opus-4-5
+---
+
+# Server Scoped Agent
+`,
+      "utf8",
+    );
+    await writeFile(
+      join(dir, "poncho.config.js"),
+      `export default {
+  mcp: [
+    {
+      name: "remote",
+      url: "http://127.0.0.1:${address.port}/mcp",
+      auth: { type: "bearer", tokenEnv: "LINEAR_TOKEN" }
+    }
+  ]
+};
+`,
+      "utf8",
+    );
+    // Skill claims only 2 of the 3 tools from "remote" server
+    await mkdir(join(dir, "skills", "linear"), { recursive: true });
+    await writeFile(
+      join(dir, "skills", "linear", "SKILL.md"),
+      `---
+name: linear
+description: Linear issue tracking
+allowed-tools:
+  - mcp:remote/list_issues
+  - mcp:remote/save_issue
+---
+# Linear Skill
+`,
+      "utf8",
+    );
+    const harness = new AgentHarness({ workingDir: dir });
+    await harness.initialize();
+    const toolNames = () => harness.listTools().map((t) => t.name);
+
+    // Before activation: entire server is skill-managed, so ALL tools are hidden
+    // (even other_tool which the skill didn't explicitly claim)
+    expect(toolNames()).not.toContain("remote/list_issues");
+    expect(toolNames()).not.toContain("remote/save_issue");
+    expect(toolNames()).not.toContain("remote/other_tool");
+
+    // Activate the linear skill — only its declared tools appear
+    const activate = harness.listTools().find((t) => t.name === "activate_skill")!;
+    const deactivate = harness.listTools().find((t) => t.name === "deactivate_skill")!;
+    await activate.handler({ name: "linear" }, {} as any);
+
+    expect(toolNames()).toContain("remote/list_issues");
+    expect(toolNames()).toContain("remote/save_issue");
+    // other_tool is NOT claimed by any active skill, and the server is managed
+    expect(toolNames()).not.toContain("remote/other_tool");
+
+    // Deactivate — all tools from the managed server hidden again
+    await deactivate.handler({ name: "linear" }, {} as any);
+    expect(toolNames()).not.toContain("remote/list_issues");
+    expect(toolNames()).not.toContain("remote/save_issue");
+    expect(toolNames()).not.toContain("remote/other_tool");
+
+    await harness.shutdown();
+    await new Promise<void>((resolveClose) => mcpServer.close(() => resolveClose()));
+  });
+
+  it("wildcard skill claim scopes all tools from that server", async () => {
+    process.env.LINEAR_TOKEN = "token-123";
+    const mcpServer = createServer(async (req, res) => {
+      if (req.method === "DELETE") {
+        res.statusCode = 200;
+        res.end();
+        return;
+      }
+      const chunks: Buffer[] = [];
+      for await (const chunk of req) chunks.push(Buffer.from(chunk));
+      const body = Buffer.concat(chunks).toString("utf8");
+      const payload = body.trim().length > 0 ? (JSON.parse(body) as any) : {};
+      if (payload.method === "initialize") {
+        res.setHeader("Content-Type", "application/json");
+        res.setHeader("Mcp-Session-Id", "sess");
+        res.end(
+          JSON.stringify({
+            jsonrpc: "2.0",
+            id: payload.id,
+            result: {
+              protocolVersion: "2025-03-26",
+              capabilities: { tools: { listChanged: true } },
+              serverInfo: { name: "linear", version: "1.0.0" },
+            },
+          }),
+        );
+        return;
+      }
+      if (payload.method === "notifications/initialized") {
+        res.statusCode = 202;
+        res.end();
+        return;
+      }
+      if (payload.method === "tools/list") {
+        res.setHeader("Content-Type", "application/json");
+        res.end(
+          JSON.stringify({
+            jsonrpc: "2.0",
+            id: payload.id,
+            result: {
+              tools: [
+                { name: "list_issues", inputSchema: { type: "object", properties: {} } },
+                { name: "save_issue", inputSchema: { type: "object", properties: {} } },
+                { name: "save_comment", inputSchema: { type: "object", properties: {} } },
+              ],
+            },
+          }),
+        );
+        return;
+      }
+      res.statusCode = 404;
+      res.end();
+    });
+    await new Promise<void>((resolveOpen) => mcpServer.listen(0, () => resolveOpen()));
+    const address = mcpServer.address();
+    if (!address || typeof address === "string") throw new Error("Unexpected address");
+    const dir = await mkdtemp(join(tmpdir(), "poncho-harness-wildcard-claim-"));
+    await writeFile(
+      join(dir, "AGENT.md"),
+      `---
+name: wildcard-agent
+model:
+  provider: anthropic
+  name: claude-opus-4-5
+---
+
+# Wildcard Agent
+`,
+      "utf8",
+    );
+    await writeFile(
+      join(dir, "poncho.config.js"),
+      `export default {
+  mcp: [
+    {
+      name: "linear",
+      url: "http://127.0.0.1:${address.port}/mcp",
+      auth: { type: "bearer", tokenEnv: "LINEAR_TOKEN" }
+    }
+  ]
+};
+`,
+      "utf8",
+    );
+    // Skill claims all linear tools with wildcard
+    await mkdir(join(dir, "skills", "linear"), { recursive: true });
+    await writeFile(
+      join(dir, "skills", "linear", "SKILL.md"),
+      `---
+name: linear
+description: Linear integration
+allowed-tools:
+  - mcp:linear/*
+---
+# Linear Skill
+`,
+      "utf8",
+    );
+    const harness = new AgentHarness({ workingDir: dir });
+    await harness.initialize();
+    const toolNames = () => harness.listTools().map((t) => t.name);
+
+    // None of the linear tools should be available (all claimed by wildcard)
+    expect(toolNames()).not.toContain("linear/list_issues");
+    expect(toolNames()).not.toContain("linear/save_issue");
+    expect(toolNames()).not.toContain("linear/save_comment");
+
+    // Activate the skill
+    const activate = harness.listTools().find((t) => t.name === "activate_skill")!;
+    await activate.handler({ name: "linear" }, {} as any);
+
+    // All linear tools now available
+    expect(toolNames()).toContain("linear/list_issues");
+    expect(toolNames()).toContain("linear/save_issue");
+    expect(toolNames()).toContain("linear/save_comment");
+
+    await harness.shutdown();
+    await new Promise<void>((resolveClose) => mcpServer.close(() => resolveClose()));
+  });
+
   it("supports flat tool access config format", async () => {
     const dir = await mkdtemp(join(tmpdir(), "poncho-harness-flat-tool-access-"));
     await writeFile(