@praxis-ai/praxis 0.1.1 → 0.1.2

package/dist/runtimeImplementation/praxisRuntimeKernel.js

@@ -42,6 +42,7 @@ import { approvalInterfaceEnvelope, } from "../interfaceAdapter/interfaceEnvelop
 import { createInMemorySessionStateEventStore, createSqliteSessionStateEventStore, } from "./runtimeSessionStateEventStore.js";
 import { applyRaxStorageInitPlan, createStoragePlaneRuntime, } from "./runtime.storagePlane/storagePlaneRuntime.js";
 import { prepareSandboxRuntime, } from "./runtime.sandboxPlane/sandboxRuntimeProvider.js";
+import { buildMcpServerProfilesFromManifest, mcp, planMcpHarnessExposure, } from "./runtime.mcpPlane/index.js";
 async function inferFilesystemActionForTool(input) {
     if (input.toolId !== "patch.apply")
         return undefined;
@@ -289,6 +290,77 @@ function defaultMcpServerId(toolId, args) {
         return undefined;
     return readString(args.serverId) ?? "local-mcp";
 }
+function withRuntimeHarnessTools(manifest, dynamicTools) {
+    if (dynamicTools.length === 0)
+        return manifest;
+    const byId = new Map();
+    for (const tool of [...manifest.harness.tools, ...dynamicTools]) {
+        byId.set(tool.toolId, tool);
+    }
+    return {
+        ...manifest,
+        harness: {
+            ...manifest.harness,
+            tools: [...byId.values()],
+            metadata: {
+                ...manifest.harness.metadata,
+                runtimeMcpDynamicToolCount: dynamicTools.length,
+            },
+        },
+    };
+}
+function withRuntimeMcpModule(manifest, module) {
+    if (module === undefined || manifest.harness.modules.mcp !== undefined)
+        return manifest;
+    const byId = new Map();
+    for (const tool of [...manifest.harness.tools, ...mcp.recommendedTools()]) {
+        byId.set(tool.toolId, tool);
+    }
+    return {
+        ...manifest,
+        harness: {
+            ...manifest.harness,
+            modules: {
+                ...manifest.harness.modules,
+                mcp: module,
+            },
+            tools: [...byId.values()],
+            runtimeRequirements: manifest.harness.runtimeRequirements.includes("runtime.mcp")
+                ? manifest.harness.runtimeRequirements
+                : [...manifest.harness.runtimeRequirements, "runtime.mcp"],
+            metadata: {
+                ...manifest.harness.metadata,
+                runtimeMcpModuleSource: "runtime.options.mcpModule",
+            },
+        },
+    };
+}
+function normalizeMcpNativeToolDeclaration(tool) {
+    if (!isRecord(tool))
+        return undefined;
+    const name = readString(tool.name);
+    if (name === undefined)
+        return undefined;
+    const description = readString(tool.description) ?? readString(tool.title) ?? name;
+    const schema = isRecord(tool.inputSchema) ? tool.inputSchema : isRecord(tool.input_schema) ? tool.input_schema : {};
+    return { name, description, inputSchema: schema };
+}
+async function discoverRuntimeMcpDynamicTools(manifest, executor) {
+    const profiles = buildMcpServerProfilesFromManifest(manifest);
+    if (profiles.length === 0 || executor.mcp?.listTools === undefined)
+        return [];
+    const inventory = {};
+    for (const profile of profiles) {
+        const listed = await executor.mcp.listTools({ serverId: profile.serverId });
+        if (listed?.ok !== true)
+            continue;
+        const rawTools = Array.isArray(listed.output?.tools) ? listed.output.tools : [];
+        inventory[profile.serverId] = rawTools
+            .map(normalizeMcpNativeToolDeclaration)
+            .filter((tool) => tool !== undefined);
+    }
+    return planMcpHarnessExposure(manifest, inventory).servers.flatMap((server) => [...server.dynamicToolSpecs]);
+}
 function providerToolMappings(manifest) {
     return createProviderToolMappings(manifest.harness.tools);
 }
@@ -523,30 +595,54 @@ function shellCommandPathScanSource(command) {
 function isShellCommandAllowedSystemPath(token) {
     return token === "/dev/null";
 }
+function escapeRegExp(value) {
+    return value.replace(/[.*+?^${}()|[\]\\]/gu, "\\$&");
+}
 function shellCommandAbsolutePathTokens(command) {
     const matches = shellCommandPathScanSource(command).matchAll(/(^|[\s"'`=({[,;|&<>])\/(?!\/)[^\s"'`$;&|<>()[\]{}]*/gu);
     return [...matches]
         .map((match) => stripShellPathToken((match[0] ?? "").slice(match[1]?.length ?? 0)))
         .filter((token) => token.length > 1 && !token.includes("\0") && !isShellCommandAllowedSystemPath(token));
 }
+function shellCommandPathAccess(command, token) {
+    const source = shellCommandPathScanSource(command);
+    const escaped = escapeRegExp(token);
+    const quotedToken = `["']?${escaped}["']?`;
+    if (new RegExp(`(?:^|[\\s;|&])(?:\\d?>|\\d?>>|>|>>|<>)\\s*${quotedToken}(?:\\s|$|[;&|])`, "u").test(source)) {
+        return "write";
+    }
+    if (new RegExp(`\\btee\\b[^\\n;&|]*${quotedToken}`, "u").test(source))
+        return "write";
+    if (new RegExp(`\\bsed\\b[^\\n;&|]*\\s-i\\b[^\\n;&|]*${quotedToken}`, "u").test(source))
+        return "write";
+    if (new RegExp(`\\b(?:touch|mkdir|rm|rmdir|chmod|chown)\\b[^\\n;&|]*${quotedToken}`, "u").test(source))
+        return "write";
+    if (new RegExp(`Path\\(\\s*["']${escaped}["']\\s*\\)[\\s\\S]*\\b(?:write_text|append_text)\\s*\\(`, "u").test(source)) {
+        return "write";
+    }
+    return "read";
+}
 function shellCommandOutsideAllowedRootsMetadata(input) {
     const output = [];
     for (const token of shellCommandAbsolutePathTokens(input.command)) {
         const normalizedPath = path.resolve(token);
         if (isInsideAllowedRoots(normalizedPath, input.allowedRoots))
             continue;
-        output.push(workspacePathMetadata({
-            ok: false,
-            reason: "OUTSIDE_ALLOWED_ROOTS",
-            message: "shell command references an absolute path outside runtime allowed roots",
-            requestedPath: token,
-            normalizedPath,
-            workspaceRoot: input.workspaceRoot,
-            allowedRoots: input.allowedRoots,
-            pathWasMapped: false,
-            mappingSource: "absolute",
-            suggestedCwd: input.workspaceRoot,
-        }, "path"));
+        output.push({
+            ...workspacePathMetadata({
+                ok: false,
+                reason: "OUTSIDE_ALLOWED_ROOTS",
+                message: "shell command references an absolute path outside runtime allowed roots",
+                requestedPath: token,
+                normalizedPath,
+                workspaceRoot: input.workspaceRoot,
+                allowedRoots: input.allowedRoots,
+                pathWasMapped: false,
+                mappingSource: "absolute",
+                suggestedCwd: input.workspaceRoot,
+            }, "path"),
+            workspacePathAccess: shellCommandPathAccess(input.command, token),
+        });
     }
     return output;
 }
@@ -557,7 +653,6 @@ function normalizeWorkspacePathContract(input) {
     const allowedRoots = normalizeAllowedRoots({ workspaceRoot, allowedRoots: input.allowedRoots });
     const nextArgs = { ...input.args };
     const normalizations = [];
-    const pathAccess = input.toolId === "patch.apply" ? "write" : "read";
     const allowOutsideAllowedRoots = input.profile !== undefined;
     if (input.toolId === "file.read" || input.toolId === "skill.load" || input.toolId === "media.viewImage") {
         for (const field of ["path", "filePath", "imagePath"]) {
@@ -596,12 +691,15 @@ function normalizeWorkspacePathContract(input) {
         }
     }
     const workspaceOutsideAllowedRoots = normalizations.some((item) => item.workspaceOutsideAllowedRoots === true || item.reason === "OUTSIDE_ALLOWED_ROOTS");
+    const workspacePathAccess = input.toolId === "patch.apply" || normalizations.some((item) => item.workspacePathAccess === "write")
+        ? "write"
+        : "read";
     return {
         ok: true,
         args: withWorkspaceNormalizationMetadata(nextArgs, normalizations, workspaceOutsideAllowedRoots
             ? {
                 workspaceOutsideAllowedRoots: true,
-                workspacePathAccess: pathAccess,
+                workspacePathAccess,
             }
             : {}),
         metadata: normalizations[0] === undefined
@@ -2132,6 +2230,7 @@ async function prepareKernelSandbox(input) {
     const sandbox = await prepareSandboxRuntime(input.manifest.sandbox, {
         cwd: input.options.sandbox?.cwd ?? input.storageRuntime.layout.workspace.root,
         runSmoke: input.options.sandbox?.runSmoke ?? false,
+        providerReady: input.options.sandbox?.provider !== undefined,
     });
     input.events.push(...sandbox.events);
     await input.store.appendEvent(event(input.sessionId, "event:sandbox.prepared", "runtime.sandboxPlane.prepared", input.now(), { sandbox }));
@@ -2456,6 +2555,48 @@ function compactRequestMaterials(input) {
     return [...originalMaterials, ...governedSessionSummaryMaterial, ...governedProjectContext];
 }
 async function executeBaseToolDecision(input) {
+    const dynamicToolSpec = input.manifest.harness.tools.find((tool) => tool.toolId === input.toolId);
+    const dynamicRuntimeToolId = typeof dynamicToolSpec?.metadata?.runtimeToolId === "string"
+        ? dynamicToolSpec.metadata.runtimeToolId
+        : undefined;
+    const dynamicRuntimeArguments = isRecord(dynamicToolSpec?.metadata?.runtimeArguments)
+        ? dynamicToolSpec.metadata.runtimeArguments
+        : undefined;
+    if (dynamicRuntimeToolId !== undefined && dynamicRuntimeToolId !== input.toolId) {
+        const delegatedArgs = dynamicRuntimeToolId === "mcp.use"
+            ? {
+                ...(dynamicRuntimeArguments ?? {}),
+                arguments: input.args,
+            }
+            : {
+                ...(dynamicRuntimeArguments ?? {}),
+                ...input.args,
+            };
+        const delegated = await executeBaseToolDecision({
+            ...input,
+            toolId: dynamicRuntimeToolId,
+            args: delegatedArgs,
+        });
+        return {
+            ...delegated,
+            record: {
+                ...delegated.record,
+                toolId: input.toolId,
+                arguments: input.args,
+            },
+            observation: {
+                ...delegated.observation,
+                material: {
+                    ...delegated.observation.material,
+                    metadata: {
+                        ...(delegated.observation.material.metadata ?? {}),
+                        dynamicRuntimeToolId,
+                        dynamicMcpToolId: input.toolId,
+                    },
+                },
+            },
+        };
+    }
     let toolArguments = enrichToolArguments(input.manifest, input.toolId, input.args, {
         runtimeId: input.runtimeId,
         sessionId: input.sessionId,
@@ -3383,6 +3524,7 @@ export class PraxisRuntimeKernel {
             }),
         });
         const dryRun = options.dryRun !== false;
+        manifest = withRuntimeMcpModule(manifest, options.mcpModule);
         const defaultBaseToolPolicy = {
             workspaceRoot: toolWorkspaceRoot,
             allowedRoots: toolAllowedRoots,
@@ -3413,7 +3555,15 @@ export class PraxisRuntimeKernel {
             sandboxSpec: manifest.sandbox,
             preparedSandbox: sandboxPrepared.sandbox,
             policyProfile: manifest.toolPolicy.profile,
+            sandboxProvider: options.sandbox?.provider,
+            sandboxAudit: async (sandboxEvent) => {
+                await store.appendEvent(event(sessionId, `event:sandbox:${sandboxEvent.actionId}:${sandboxEvent.type}`, sandboxEvent.type, now(), { sandbox: sandboxEvent }));
+            },
             remoteSandboxWorker: options.sandbox?.remoteWorker,
+            mcpServers: [
+                ...buildMcpServerProfilesFromManifest(manifest),
+                ...(options.mcpServers ?? []),
+            ],
             emitEvent: (runtimeEvent) => {
                 events.push(runtimeEvent.type);
             },
@@ -3423,6 +3573,7 @@ export class PraxisRuntimeKernel {
             id: "praxis-runtime-kernel",
             sessionId,
         };
+        manifest = withRuntimeHarnessTools(manifest, await discoverRuntimeMcpDynamicTools(manifest, executor));
         const maxModelTurns = manifest.harness.loop.maxModelTurns ?? 2;
         const maxToolCalls = manifest.harness.loop.maxToolCalls ?? 4;
         const toolMappings = providerToolMappings(manifest);

package/dist/runtimeImplementation/runtime.componentPlane/runtimeComponentRegistry.d.ts

@@ -3,7 +3,7 @@ import type { RuntimeComponentSpec } from "./componentTypes.js";
 export declare const officialRuntimeComponents: readonly [{
     readonly componentId: "component.sandbox.bubblewrap";
     readonly kind: "sandbox";
-    readonly title: "Linux bubblewrap sandbox";
+    readonly title: "Linux Raxcell sandbox provider";
     readonly dependencies: readonly [DependencyDeclaration];
     readonly fallbackComponentIds: readonly ["component.sandbox.workspaceRollback"];
     readonly supportedPlatforms: readonly ["linux"];

package/dist/runtimeImplementation/runtime.componentPlane/runtimeComponentRegistry.js

@@ -9,8 +9,8 @@ export const officialRuntimeComponents = [
     {
         componentId: "component.sandbox.bubblewrap",
         kind: "sandbox",
-        title: "Linux bubblewrap sandbox",
-        dependencies: [dependency("dependency.binary.bwrap", { kind: "binary", required: true })],
+        title: "Linux Raxcell sandbox provider",
+        dependencies: [dependency("dependency.binary.raxcell", { kind: "binary", required: true })],
         fallbackComponentIds: ["component.sandbox.workspaceRollback"],
         supportedPlatforms: ["linux"],
     },

package/dist/runtimeImplementation/runtime.dependencyPlane/dependencySourceRegistry.d.ts

@@ -10,7 +10,7 @@ export type DependencySourceRegistry = {
     sources: readonly DependencySource[];
     warnings: readonly string[];
 };
-export declare const officialDependencySources: readonly [DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource];
+export declare const officialDependencySources: readonly [DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource, DependencySource];
 export declare function defaultManagedRoot(input?: {
     raxToolDepsRoot?: string;
     env?: Readonly<Record<string, string | undefined>>;

package/dist/runtimeImplementation/runtime.dependencyPlane/dependencySourceRegistry.js

@@ -125,6 +125,18 @@ export const officialDependencySources = [
         executableName: "rg",
         versionCommand: { command: "rg", args: ["--version"] },
     }),
+    source({
+        dependencyId: "dependency.binary.raxcell",
+        sourceId: "official:detect:raxcell",
+        displayName: "Raxcell sandbox provider",
+        kind: "binary",
+        safety: "trusted-detect-only",
+        packageManager: "detect-only",
+        executableName: "raxcell",
+        versionCommand: { command: "raxcell", args: ["--version"] },
+        supportedPlatforms: ["linux"],
+        installInstructions: "Install @praxis-ai/raxcell with Praxis/Raxode, or set RAXCELL_BIN to an explicit provider binary path.",
+    }),
     source({
         dependencyId: "dependency.binary.bwrap",
         sourceId: "official:detect:bwrap",

package/dist/runtimeImplementation/runtime.dependencyPlane/dependencyTypes.js

@@ -7,6 +7,7 @@ export function canonicalDependencyId(input) {
     const value = input.trim();
     const legacy = {
         "binary:bwrap": "dependency.binary.bwrap",
+        "binary:raxcell": "dependency.binary.raxcell",
         "binary:podman|docker": "dependency.binary.podmanOrDocker",
         "windows:Windows-Sandbox": "dependency.windows.sandbox",
         "macos:containerization": "dependency.macos.containerization",
@@ -60,6 +61,7 @@ export function legacyDependencyIds(input) {
     const canonical = canonicalDependencyId(input);
     const reverse = {
         "dependency.binary.bwrap": ["binary:bwrap"],
+        "dependency.binary.raxcell": ["binary:raxcell"],
         "dependency.binary.podmanOrDocker": ["binary:podman|docker"],
         "dependency.windows.sandbox": ["windows:Windows-Sandbox"],
         "dependency.macos.containerization": ["macos:containerization"],

package/dist/runtimeImplementation/runtime.execEngine/baseToolExecutorPortFactory.d.ts

@@ -2,6 +2,7 @@ import type { BaseToolExecutorPort } from "../../basetool/types.js";
 import { type BaseToolPolicyProfile, type SandboxSpec } from "../runtimeAgentManifest.js";
 import type { SandboxRuntimePrepareResult } from "../runtime.sandboxPlane/sandboxRuntimeProvider.js";
 import { type SandboxRemoteWorkerAdapter } from "../runtime.sandboxPlane/sandboxCommandRunner.js";
+import type { SandboxExecutionProviderPort, SandboxPolicyMiddlewareAuditEvent } from "../runtime.sandboxPlane/sandboxPolicyMiddleware.js";
 import { type McpRuntimeServerProfile } from "./mcpRuntimeAdapter.js";
 export type RuntimeBaseToolExecutorEvent = {
     type: string;
@@ -60,6 +61,8 @@ export type RuntimeBaseToolExecutorContext = {
     sandboxSpec?: SandboxSpec;
     preparedSandbox?: SandboxRuntimePrepareResult;
     policyProfile?: BaseToolPolicyProfile;
+    sandboxProvider?: SandboxExecutionProviderPort;
+    sandboxAudit?: (event: SandboxPolicyMiddlewareAuditEvent) => Promise<void> | void;
     remoteSandboxWorker?: SandboxRemoteWorkerAdapter;
     mcpServers?: readonly McpRuntimeServerProfile[];
     environment?: Readonly<Record<string, string | undefined>>;

package/dist/runtimeImplementation/runtime.execEngine/baseToolExecutorPortFactory.js

@@ -159,8 +159,6 @@ function legacyPreparedSandbox(value) {
 }
 function sandboxModeForContext(context) {
     const profile = policyProfileForContext(context);
-    if (profile === "bapr")
-        return "none";
     const explicitProviderFamily = context.sandboxSpec?.providerFamily ?? context.sandbox?.providerFamily;
     const prepared = context.preparedSandbox ?? legacyPreparedSandbox(context.sandbox);
     if (strongSandboxFamily(explicitProviderFamily)) {
@@ -314,6 +312,10 @@ async function runCommand(context, command, args = [], cwd, input = {}) {
     if (!resolvedCwd.ok)
         return resolvedCwd;
     const commandCwd = String(resolvedCwd.output);
+    const root = workspaceRoot(context);
+    const approvedWriteRoots = input.approved === true
+        ? context.policy?.allowedWriteRoots ?? [root]
+        : context.policy?.allowedWriteRoots;
     if (spec !== undefined) {
         const result = await runSandboxCommand({
             runtimeId: context.runtimeId,
@@ -331,13 +333,17 @@ async function runCommand(context, command, args = [], cwd, input = {}) {
             policyProfile: profile,
             sandboxMode: sandboxModeForContext(context),
             filesystem: {
-                workspaceRoot: workspaceRoot(context),
-                allowedReadRoots: context.policy?.allowedRoots ?? [workspaceRoot(context)],
-                ...(context.policy?.allowedWriteRoots === undefined ? {} : { allowedWriteRoots: context.policy.allowedWriteRoots }),
+                workspaceRoot: root,
+                allowedReadRoots: context.policy?.allowedRoots ?? [root],
+                ...(approvedWriteRoots === undefined ? {} : { allowedWriteRoots: approvedWriteRoots }),
+                ...(input.approved === true ? { readonlyRoot: false } : {}),
             },
             network: input.network,
+            approval: input.approved === true ? { accepted: true, grantedBy: "praxis-human-approval" } : undefined,
         }, {
             remoteWorker: context.remoteSandboxWorker,
+            sandboxProvider: context.sandboxProvider,
+            audit: context.sandboxAudit,
         });
         if (!result.ok) {
             return fail(result.error.code, result.error.message, {
@@ -423,6 +429,7 @@ function createShellExecutor(context) {
                 invocationId: typeof request?.toolCallId === "string" ? request.toolCallId : undefined,
                 shellScript: true,
                 timeoutMs: typeof request?.timeoutMs === "number" ? request.timeoutMs : undefined,
+                approved: approvedByRuntimeContext(request?.context),
             });
         }),
     };
@@ -436,6 +443,7 @@ function createProcessExecutor(context) {
                 toolId: "process.run",
                 invocationId: typeof request?.toolCallId === "string" ? request.toolCallId : undefined,
                 timeoutMs: typeof request?.timeoutMs === "number" ? request.timeoutMs : undefined,
+                approved: approvedByRuntimeContext(request?.context),
             });
         }),
         wait: withAdapter(context, "process", "wait", async (request) => {
@@ -630,7 +638,22 @@ function createMcpExecutor(context) {
     const configured = context.mcpServers !== undefined && context.mcpServers.length > 0
         ? createMcpRuntimeAdapter({ servers: context.mcpServers })
         : undefined;
-    const base = configured ?? createUnavailableNamespace("mcp", ["connect", "ping", "listTools", "call", "stream", "listResources", "readResource"]);
+    const base = configured ?? createUnavailableNamespace("mcp", [
+        "connect",
+        "ping",
+        "listTools",
+        "call",
+        "stream",
+        "listResources",
+        "readResource",
+        "listPrompts",
+        "getPrompt",
+        "setRoots",
+        "reportProgress",
+        "createSamplingMessage",
+        "elicit",
+        "setLoggingLevel",
+    ]);
     const callTool = base.callTool ?? base.call;
     const streamTool = base.streamTool ?? base.stream;
     return {
@@ -643,7 +666,21 @@ function createMcpExecutor(context) {
 export function listRuntimeBaseToolImplementedPortPaths(context = {}) {
     const ports = new Set(baseToolExecutorPortFactoryDescriptor.implementedAdapters);
     if (context.mcpServers !== undefined && context.mcpServers.length > 0) {
-        for (const portPath of ["mcp.connect", "mcp.call", "mcp.callTool", "mcp.listTools", "mcp.listResources", "mcp.readResource"]) {
+        for (const portPath of [
+            "mcp.connect",
+            "mcp.call",
+            "mcp.callTool",
+            "mcp.listTools",
+            "mcp.listResources",
+            "mcp.readResource",
+            "mcp.listPrompts",
+            "mcp.getPrompt",
+            "mcp.setRoots",
+            "mcp.reportProgress",
+            "mcp.createSamplingMessage",
+            "mcp.elicit",
+            "mcp.setLoggingLevel",
+        ]) {
             ports.add(portPath);
         }
     }
@@ -694,6 +731,7 @@ export function createRuntimeBaseToolExecutorPort(context) {
                     toolId: typeof request?.toolId === "string" ? request.toolId : "sandbox.run",
                     invocationId: typeof request?.invocationId === "string" ? request.invocationId : undefined,
                     network: request?.network === "allow" ? "allow" : undefined,
+                    approved: approvedByRuntimeContext(request?.context),
                 });
             }),
         },

package/dist/runtimeImplementation/runtime.execEngine/mcpRuntimeAdapter.js

@@ -324,6 +324,62 @@ export function createMcpRuntimeAdapter(options) {
             })) : [];
             return success({ uri: requestInput.resourceUri, contents, truncated: false, providerMetadata: metadata(connected.output.profile, { method: "resources/read" }), raw: read.output });
         },
+        async listPrompts(requestInput) {
+            const connected = await getConnection(requestInput.serverId);
+            if (!connected.ok)
+                return connected;
+            const listed = await request(connected.output, "prompts/list", requestInput.cursor === undefined ? {} : { cursor: requestInput.cursor });
+            if (!listed.ok)
+                return listed;
+            const raw = resultObject(listed.output);
+            const prompts = Array.isArray(raw.prompts) ? raw.prompts.filter(isObject).map((prompt) => ({
+                name: String(prompt.name ?? ""),
+                title: typeof prompt.title === "string" ? prompt.title : undefined,
+                description: typeof prompt.description === "string" ? prompt.description : undefined,
+                arguments: Array.isArray(prompt.arguments) ? prompt.arguments : undefined,
+                raw: prompt,
+            })).filter((prompt) => prompt.name.length > 0) : [];
+            return success({ prompts, nextCursor: typeof raw.nextCursor === "string" ? raw.nextCursor : undefined, providerMetadata: metadata(connected.output.profile, { method: "prompts/list" }), raw: listed.output });
+        },
+        async getPrompt(requestInput) {
+            const connected = await getConnection(requestInput.serverId);
+            if (!connected.ok)
+                return connected;
+            const read = await request(connected.output, "prompts/get", { name: requestInput.name, arguments: requestInput.arguments ?? {} });
+            if (!read.ok)
+                return read;
+            return success(read.output, metadata(connected.output.profile, { method: "prompts/get", promptName: requestInput.name }));
+        },
+        async setRoots(requestInput) {
+            const profile = getProfile(requestInput.serverId);
+            if (profile === undefined)
+                return failure("MCP_SERVER_NOT_CONFIGURED", `MCP server '${requestInput.serverId}' is not configured.`);
+            return success({ serverId: requestInput.serverId, roots: requestInput.roots ?? [], status: "registered", providerMetadata: metadata(profile, { hostSemantic: "roots" }) });
+        },
+        async reportProgress(requestInput) {
+            const profile = getProfile(requestInput.serverId);
+            if (profile === undefined)
+                return failure("MCP_SERVER_NOT_CONFIGURED", `MCP server '${requestInput.serverId}' is not configured.`);
+            return success({ serverId: requestInput.serverId, progressToken: requestInput.progressToken, progress: requestInput.progress, total: requestInput.total, status: "reported", providerMetadata: metadata(profile, { hostSemantic: "progress" }) });
+        },
+        async createSamplingMessage(requestInput) {
+            const profile = getProfile(requestInput.serverId);
+            if (profile === undefined)
+                return failure("MCP_SERVER_NOT_CONFIGURED", `MCP server '${requestInput.serverId}' is not configured.`);
+            return success({ serverId: requestInput.serverId, status: "accepted", request: requestInput, providerMetadata: metadata(profile, { hostSemantic: "sampling" }) });
+        },
+        async elicit(requestInput) {
+            const profile = getProfile(requestInput.serverId);
+            if (profile === undefined)
+                return failure("MCP_SERVER_NOT_CONFIGURED", `MCP server '${requestInput.serverId}' is not configured.`);
+            return success({ serverId: requestInput.serverId, status: "pending", request: requestInput, providerMetadata: metadata(profile, { hostSemantic: "elicitation" }) });
+        },
+        async setLoggingLevel(requestInput) {
+            const profile = getProfile(requestInput.serverId);
+            if (profile === undefined)
+                return failure("MCP_SERVER_NOT_CONFIGURED", `MCP server '${requestInput.serverId}' is not configured.`);
+            return success({ serverId: requestInput.serverId, level: requestInput.level ?? "info", status: "configured", providerMetadata: metadata(profile, { hostSemantic: "logging" }) });
+        },
         async createResource(requestInput) {
             const profile = getProfile(requestInput.serverId);
             if (profile === undefined)

package/dist/runtimeImplementation/runtime.mcpPlane/index.d.ts

@@ -0,0 +1,114 @@
+import { type ExposureState, type McpCompatibleSurface, type McpPlusManifest, type NativeToolDeclaration } from "@praxis-ai/mcp-plus";
+import type { ToolSpec } from "../runtimeAgentManifest.js";
+import type { McpRuntimeServerProfile } from "../runtime.execEngine/mcpRuntimeAdapter.js";
+export type McpHarnessServerMode = "native" | "mcp-plus";
+export type McpTransportSpec = {
+    transport: "stdio";
+    command: string;
+    args?: readonly string[];
+    cwd?: string;
+    env?: Readonly<Record<string, string | undefined>>;
+    timeoutMs?: number;
+    framing?: "content-length" | "line-json";
+} | {
+    transport: "http" | "sse";
+    url: string;
+    sseUrl?: string;
+    headers?: Readonly<Record<string, string>>;
+    timeoutMs?: number;
+};
+export type McpHarnessServerSpec = McpTransportSpec & {
+    serverId: string;
+    mode: McpHarnessServerMode;
+    title?: string;
+    summary?: string;
+    manifest?: McpPlusManifest;
+    metadata?: Readonly<Record<string, unknown>>;
+};
+export type McpApplicationServerInput = McpTransportSpec & {
+    serverId: string;
+    mode?: McpHarnessServerMode;
+    title?: string;
+    summary?: string;
+    manifest?: McpPlusManifest;
+    metadata?: Readonly<Record<string, unknown>>;
+};
+type HttpMcpHelperInput = {
+    url: string;
+    sseUrl?: string;
+    headers?: Readonly<Record<string, string>>;
+    timeoutMs?: number;
+} & Partial<Pick<McpHarnessServerSpec, "mode" | "title" | "summary" | "manifest" | "metadata">>;
+export type McpHarnessModuleSpec = {
+    kind: "praxis.mcp.module";
+    version: "praxis.mcp.v1";
+    servers: readonly McpHarnessServerSpec[];
+    recommended: true;
+    metadata?: Readonly<Record<string, unknown>>;
+};
+export type McpApplicationServerView = {
+    serverId: string;
+    mode: McpHarnessServerMode;
+    transport: McpHarnessServerSpec["transport"];
+    title?: string;
+    summary?: string;
+    manifestPresent: boolean;
+    status: "declared" | "mounted" | "error";
+    toolCount?: number;
+    visibleToolCount?: number;
+    indexedToolCount?: number;
+    publicSafe: true;
+};
+export type McpApplicationStateView = {
+    servers: readonly McpApplicationServerView[];
+    recommendedMode: "mcp-plus";
+    nativeCompatible: true;
+    publicSafe: true;
+};
+export type McpExposurePlanServer = {
+    serverId: string;
+    mode: McpHarnessServerMode;
+    surface: McpCompatibleSurface;
+    dynamicToolSpecs: readonly ToolSpec[];
+};
+export type McpHarnessExposurePlan = {
+    servers: readonly McpExposurePlanServer[];
+};
+export type McpPlusApplicationServerInput = McpTransportSpec & {
+    serverId: string;
+    manifest: McpPlusManifest;
+    title?: string;
+    summary?: string;
+    metadata?: Readonly<Record<string, unknown>>;
+};
+export declare function mcpServer(serverId: string, input: McpTransportSpec & Partial<Pick<McpHarnessServerSpec, "mode" | "title" | "summary" | "manifest" | "metadata">>): McpHarnessServerSpec;
+export declare const mcp: {
+    readonly module: (input: {
+        servers: readonly McpHarnessServerSpec[];
+        metadata?: Readonly<Record<string, unknown>>;
+    }) => McpHarnessModuleSpec;
+    readonly stdio: (serverId: string, input: Omit<Extract<McpTransportSpec, {
+        transport: "stdio";
+    }>, "transport"> & Partial<Pick<McpHarnessServerSpec, "mode" | "title" | "summary" | "manifest" | "metadata">>) => McpHarnessServerSpec;
+    readonly http: (serverId: string, input: HttpMcpHelperInput) => McpHarnessServerSpec;
+    readonly sse: (serverId: string, input: HttpMcpHelperInput) => McpHarnessServerSpec;
+    readonly recommendedTools: () => readonly ToolSpec[];
+};
+export declare function isMcpHarnessModuleSpec(value: unknown): value is McpHarnessModuleSpec;
+export declare function mcpHarnessModuleFrom(input: {
+    modules?: Readonly<Record<string, unknown>>;
+}): McpHarnessModuleSpec | undefined;
+export declare function runtimeRequirementsForMcpModule(module: McpHarnessModuleSpec | undefined): readonly string[];
+export declare function toMcpRuntimeServerProfile(server: McpHarnessServerSpec): McpRuntimeServerProfile;
+export declare function buildMcpServerProfilesFromManifest(input: {
+    harness: {
+        modules: Readonly<Record<string, unknown>>;
+    };
+}): readonly McpRuntimeServerProfile[];
+export declare function createMcpApplicationStateView(module: McpHarnessModuleSpec | undefined): McpApplicationStateView;
+export declare function planMcpHarnessExposure(manifest: {
+    harness: {
+        modules: Readonly<Record<string, unknown>>;
+    };
+}, nativeToolInventoryByServerId: Readonly<Record<string, readonly NativeToolDeclaration[]>>, stateByServerId?: Readonly<Record<string, Partial<ExposureState>>>): McpHarnessExposurePlan;
+export {};