@salesforce/sfdx-agent-sdk 0.16.0 → 0.18.0

package/CHANGELOG.md

@@ -0,0 +1,32 @@
+# Changelog
+
+All notable changes to `@salesforce/sfdx-agent-sdk` are documented in this file.
+Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
+
+## [0.18.0] - 2026-06-09
+
+### Tests
+- **agent-sdk**: parallel consumer-tool batch e2e (#559) ([#574](https://github.com/forcedotcom/agentic-dx/pull/574))
+
+### Chores
+- **deps**: bump dependencies across packages @W-22695116@ ([#577](https://github.com/forcedotcom/agentic-dx/pull/577))
+- resolve unrelated it.todo placeholders in agent.test.ts and client.test.ts ([#573](https://github.com/forcedotcom/agentic-dx/pull/573))
+- **deps-dev**: bump @types/node from 22.19.19 to 22.19.20 in the dev-dependencies group ([#568](https://github.com/forcedotcom/agentic-dx/pull/568))
+
+## [0.17.0] - 2026-06-09
+
+### Features
+- **release**: auto-generate per-package CHANGELOG.md on publish ([#567](https://github.com/forcedotcom/agentic-dx/pull/567))
+- unify tool-exposure policy under toolSearch.alwaysActive ([#566](https://github.com/forcedotcom/agentic-dx/pull/566))
+- add ClaudeAgentConfig.skillSearch + decouple Mastra skillSearch from toolSearch ([#563](https://github.com/forcedotcom/agentic-dx/pull/563))
+- **agent-sdk**: preserve MCP clients across updateAgentConfig ([#560](https://github.com/forcedotcom/agentic-dx/pull/560))
+- **agent-sdk,harness-claude,harness-mastra**: first-class tool-result redaction ([#546](https://github.com/forcedotcom/agentic-dx/pull/546))
+
+### Fixes
+- **harness-mastra**: honor MCPServerConfig.alwaysLoad when toolSearch is set ([#558](https://github.com/forcedotcom/agentic-dx/pull/558))
+
+### Chores
+- **deps-dev**: bump the eslint group across 1 directory with 2 updates ([#553](https://github.com/forcedotcom/agentic-dx/pull/553))
+- **deps-dev**: bump the dev-dependencies group across 1 directory with 4 updates ([#536](https://github.com/forcedotcom/agentic-dx/pull/536))
+- **deps-dev**: bump the vitest group across 1 directory with 3 updates ([#552](https://github.com/forcedotcom/agentic-dx/pull/552))
+

package/README.md

@@ -59,14 +59,19 @@ await manager.shutdown();
 
 ## API Reference
 
-### `createAgentManager<F>(storageRootFolder, harnessFactory, connectivityResolver?): Promise<AgentManager<H>>`
+### `createAgentManager<F>(storageRootFolder, harnessFactory, options?): Promise<AgentManager<H>>`
 
 Factory function that creates an `AgentManager` backed by the provided `HarnessFactory`. The `storageRootFolder` must be
 an existing directory and is used for persistent state (the harness's runtime data plus the SDK's per-agent identity
 files at `${storageRootFolder}/agents/<id>.json`). The SDK verifies that the constructed harness uses a supported
-protocol version, replays any persisted agents the harness can still serve, and returns the manager. The optional
-`connectivityResolver` overrides the default sf-CLI-based org resolution — used by e2e tests and custom-auth
-deployments; production callers leave it unset.
+protocol version, replays any persisted agents the harness can still serve, and returns the manager.
+
+The third-positional `options` bag carries per-manager opt-ins. Production callers typically leave it unset:
+
+| Option                 | Type                        | Purpose                                                                                                                                                                                                   |
+| ---------------------- | --------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `connectivityResolver` | `AgentConnectivityResolver` | Overrides the default sf-CLI-based org resolution — used by e2e tests and custom-auth deployments.                                                                                                        |
+| `hooksForAgent`        | `HooksForAgent`             | Sync callback resolving a per-agent `AgentHooks` bag (today carries `onToolResult`). Invoked once per `createAgent`, boot-time restore, and `Agent.updateAgentConfig`. See "Tool-Result Redaction" below. |
 
 The harness type `H` is **inferred from the factory's `create()` return type**, so consumers don't pass an explicit type
 argument:
@@ -240,7 +245,6 @@ type MCPStdioServerConfig = {
   env?: Record<string, string>;
   enabled?: boolean;
   timeout?: number;
-  alwaysLoad?: boolean;
 };
 
 // Remote server (HTTP/SSE)
@@ -256,16 +260,13 @@ type MCPRemoteServerConfig = {
     maxReconnectionDelay?: number;
     reconnectionDelayGrowFactor?: number;
   };
-  alwaysLoad?: boolean;
 };
 ```
 
-**`alwaysLoad`** opts a server's tool surface out of the active runtime's tool-search deferral. Default (`undefined` /
-`false`) lets the runtime defer the server's tools behind a tool-search round-trip when the global tool surface is
-large; `true` registers every tool from this server with the model up-front. Useful for small, discovery-critical
-surfaces (≤ a few tools the model needs to find without prompting). The Claude harness honors the flag by stamping
-`_meta['anthropic/alwaysLoad'] = true` on each forwarded tool (equivalent to `defer_loading: false` on the Claude API).
-The Mastra harness eager-loads all MCP tools regardless, so the flag is a no-op there.
+**Tool-exposure policy** (which tools bypass the active runtime's tool-search deferral) is configured per-agent on the
+harness extension surface, not per-server here. See `MastraAgentConfig.toolSearch.alwaysActive` and
+`ClaudeAgentConfig.toolSearch.alwaysActive` for the entry shape that covers "all tools from server X", "tool Y on server
+X", and "tool Y from any source".
 
 **`reconnectionOptions`** tunes the HTTP MCP transport's retry / backoff behavior. Forwarded to the underlying SDK
 transport on both harnesses (Claude's `@modelcontextprotocol/sdk` `StreamableHTTPClientTransport` and Mastra's
@@ -768,6 +769,134 @@ When `requireToolApproval: true` is also set, consumer-executed tools bypass the
 `StreamOptions.requireToolApproval` JSDoc). They surface as a normal `tool-call` event without a preceding
 `tool-approval-request`. Built-in / MCP tools still gate normally.
 
+### Tool-Result Redaction
+
+Secrets in tool output (a live `accessToken` from `sf org list --json`, an API key in `Bash` stdout, a JWT in an MCP
+response) must be scrubbed **before** the result enters the model's context. Once the model has seen a value it can echo
+it in a reply, route it into a later tool call (`Bash` arg, file write), or send it to provider logs — nothing
+downstream (UI scrubbing, transcript redaction) can undo that.
+
+The SDK exposes a harness-agnostic redactor type and a per-agent hooks bag (`AgentHooks`). Pass a `hooksForAgent`
+callback to `createAgentManager`; the SDK invokes it once per agent install (`createAgent`, boot-time restore,
+`Agent.updateAgentConfig`), threads the resolved bag through to whichever harness you're using, and the harness wires
+`onToolResult` to its native seam (Claude Agent SDK `PostToolUse` hook, Mastra `processInputStep`). The same redactor
+function works on both harnesses.
+
+```ts
+import {
+  createAgentManager,
+  type AgentHooks,
+  type HooksForAgent,
+  type ToolResultRedactor,
+} from '@salesforce/sfdx-agent-sdk';
+
+// Optional: wrap your redactor so an exception substitutes a safe stub
+// instead of propagating. The SDK does NOT do this for you — see
+// "Throw policy" below.
+const REDACTION_FAILURE_STUB = '[redaction failed — original withheld]';
+
+const failClosed =
+  (inner: ToolResultRedactor): ToolResultRedactor =>
+  async (input) => {
+    try {
+      return await inner(input);
+    } catch (err) {
+      auditLog.warn('redaction-failed', { toolName: input.toolName, toolCallId: input.toolCallId, err });
+      return { output: REDACTION_FAILURE_STUB };
+    }
+  };
+
+const baseRedactor: ToolResultRedactor = ({ toolName, output }) => {
+  // Bash needs its native shape preserved (see "Bash gotcha" below).
+  if (toolName === 'Bash') {
+    const bash = output as { stdout: string; stderr: string; interrupted: boolean };
+    return { output: { ...bash, stdout: scrub(bash.stdout), stderr: scrub(bash.stderr) } };
+  }
+  // Pass-through for non-secret-bearing tools — return undefined.
+  if (!mayContainSecrets(toolName)) return;
+  return { output: scrubDeep(output) };
+};
+
+const hooksForAgent: HooksForAgent = (agentId, config): AgentHooks => ({
+  onToolResult: failClosed(baseRedactor),
+});
+
+const manager = await createAgentManager(storage, factory, { hooksForAgent });
+```
+
+#### `ToolResultRedactor`
+
+Sync-or-async callback invoked once per tool result before the model sees it. Returning `{ output }` replaces the value;
+returning `undefined` passes through unchanged.
+
+```ts
+type ToolResultRedactor = (
+  input: ToolResultRedactionInput,
+) => ToolResultRedactionResult | Promise<ToolResultRedactionResult>;
+
+type ToolResultRedactionInput = {
+  agentId: string;
+  threadId: string;
+  toolCallId: string;
+  toolName: string;
+  serverName?: string; // Originating MCP server when applicable.
+  output: unknown; // Raw upstream output, unmodified.
+  isError: boolean;
+};
+
+type ToolResultRedactionResult = { output: unknown } | undefined;
+```
+
+The redactor fires for every tool result type:
+
+- **Built-in tools** (`Bash`, `Read`, `Edit`, `Glob`, `Grep`, …) on Claude.
+- **MCP tools** on either harness (with `serverName` populated from the agent's MCP catalog).
+- **Consumer-executed tools** declared via `AgentConfig.tools` on either harness.
+
+#### `AgentHooks` and `HooksForAgent`
+
+`AgentHooks` is a forward-compatible bag — today it carries `onToolResult`; future hooks (`onToolCall`, `onStep`, …)
+will land on the same shape without churning factory configs. The SDK and harnesses treat unknown fields as opaque, so
+adding a new hook is non-breaking.
+
+```ts
+type AgentHooks = { onToolResult?: ToolResultRedactor };
+type HooksForAgent = (agentId: string, config: AgentConfig) => AgentHooks;
+```
+
+`hooksForAgent` is sync — the SDK does not await it. Consumers needing async setup (e.g. a remote feature flag
+controlling who gets redaction) pre-resolve before calling `createAgentManager`. The callback receives the agent's id
+and the persisted `AgentConfig`, so per-agent variation can branch on either.
+
+#### Audit / preserving the original
+
+The redactor receives the unmodified `output` at the call site. Consumers needing an audit trail of the original value
+log it themselves before returning the redaction. The SDK does not put the original on its telemetry bus or persist it
+anywhere — that would defeat the point.
+
+#### Throw policy
+
+The SDK does NOT own fail-closed semantics. If your redactor throws, the harness propagates: Claude routes through the
+Claude Agent SDK's `PostToolUse` hook-error path (which synthesizes `tool_result(is_error=true)` so the failure is
+observable); Mastra propagates from `processInputStep` and surfaces as an `error` ChatEvent on the consumer's
+eventStream. Either way, the original output never reaches the model. Wrap your redactor in `try`/`catch` (see the
+`failClosed` helper above) when you want a richer fail-closed substitute.
+
+#### Bash gotcha (Claude only)
+
+Claude's built-in `Bash` tool expects responses to keep the `{ stdout, stderr, interrupted }` shape. A bare-string
+return is rejected by the Claude Agent SDK and the original value leaks. The harness does NOT validate this — the
+redactor knows what tool it is redacting.
+
+For MCP tools, the replacement must be a valid `CallToolResult` shape (`{ content: [...], isError? }`). For
+consumer-executed tools, any shape the consumer accepts is fine.
+
+#### Composition with consumer-supplied hooks (Claude only)
+
+If you also register a `PostToolUse` hook via `ClaudeQueryDefaults.hooks.PostToolUse`, both your hook and the harness's
+redaction hook fire — the harness hook is appended **last** in `options.hooks.PostToolUse`, so its `updatedToolOutput`
+is what actually replaces the value the model sees.
+
 ### Connectivity Resolution
 
 #### `ResolvedConnectivity`
@@ -924,14 +1053,18 @@ This package publishes two ESM entry points:
 > see the subpath. Modern bundlers (Vite, esbuild, Webpack 5+, tsup, Rollup with `@rollup/plugin-node-resolve` v15+)
 > resolve it natively. This is a harness-author concern only; consumer applications never touch the subpath.
 
-| Export                        | Surface                                     | Role                                                                                                                                                                                                                                    |
-| ----------------------------- | ------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `HarnessFactory<H>`           | Type only on bare; value+type on `/harness` | Construct a harness of type `H` bound to a storage root. Declares `harnessId` and `protocolVersion`. Default `H = AgentHarness`.                                                                                                        |
-| `AgentHarness`                | Type only on bare; type on `/harness`       | Runtime contract: agent / thread / stream / tool / message lifecycle. Declares its own `harnessId` and `protocolVersion`.                                                                                                               |
-| `SUPPORTED_PROTOCOL_VERSIONS` | `/harness` only                             | Readonly list of harness protocol versions this SDK accepts. `createAgentManager` checks both the factory and the constructed harness.                                                                                                  |
-| `HarnessBusOwner`             | `/harness` only                             | Composition helper owning telemetry + log buses with `dispose()` semantics. Reuse it instead of reimplementing bus plumbing.                                                                                                            |
-| `lowerStreamInput`            | `/harness` only                             | Validates a `MessagePart[]` and lowers each input part to your runtime's content-block shape. Use it in `stream()` so multimodal caps and `MULTIMODAL_NOT_SUPPORTED` / `INVALID_MESSAGE_CONTENT` semantics match every other harness.   |
-| `GenSink<T>`                  | `/harness` only                             | Buffered async-generator wrapper for routing `ChatEvent`s to a consumer's `ChatStreamResult.eventStream`. Single-iteration: calling `generator()` twice throws — sinks have one waiter slot and one buffer, two iterators race on both. |
+| Export                        | Surface                                     | Role                                                                                                                                                                                                                                                                                                                                                                |
+| ----------------------------- | ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `HarnessFactory<H>`           | Type only on bare; value+type on `/harness` | Construct a harness of type `H` bound to a storage root. Declares `harnessId` and `protocolVersion`. Default `H = AgentHarness`.                                                                                                                                                                                                                                    |
+| `AgentHarness`                | Type only on bare; type on `/harness`       | Runtime contract: agent / thread / stream / tool / message lifecycle. Declares its own `harnessId` and `protocolVersion`.                                                                                                                                                                                                                                           |
+| `SUPPORTED_PROTOCOL_VERSIONS` | `/harness` only                             | Readonly list of harness protocol versions this SDK accepts. `createAgentManager` checks both the factory and the constructed harness.                                                                                                                                                                                                                              |
+| `HarnessBusOwner`             | `/harness` only                             | Composition helper owning telemetry + log buses with `dispose()` semantics. Reuse it instead of reimplementing bus plumbing.                                                                                                                                                                                                                                        |
+| `lowerStreamInput`            | `/harness` only                             | Validates a `MessagePart[]` and lowers each input part to your runtime's content-block shape. Use it in `stream()` so multimodal caps and `MULTIMODAL_NOT_SUPPORTED` / `INVALID_MESSAGE_CONTENT` semantics match every other harness.                                                                                                                               |
+| `GenSink<T>`                  | `/harness` only                             | Buffered async-generator wrapper for routing `ChatEvent`s to a consumer's `ChatStreamResult.eventStream`. Single-iteration: calling `generator()` twice throws — sinks have one waiter slot and one buffer, two iterators race on both.                                                                                                                             |
+| `mcpServerConfigEqual`        | Bare specifier and `/harness`               | Structural deep-equality predicate over `MCPServerConfig`. Use inside `updateAgent` to decide which servers to preserve vs. cycle. Treats `enabled: undefined` and `enabled: true` as equal; compares URLs via `String(url)` (so `URL` instances and strings round-trip); `headers` and `env` are key-order-insensitive; `reconnectionOptions` compares field-wise. |
+| `AlwaysActiveEntry`           | `/harness` only                             | Entry shape consumed by per-harness `toolSearch.alwaysActive` extension fields. Three matching patterns: `{ serverName }` (server-wide), `{ serverName, toolName }` (precise), `{ toolName }` (cross-source). At least one of `serverName` / `toolName` must be present.                                                                                            |
+| `matchesAlwaysActive`         | `/harness` only                             | Predicate `(entries, serverName, toolName) → boolean` consulted per-tool when stamping always-load metadata or partitioning a tool-search pool. Use this instead of pattern-matching entries by hand so harness behavior stays uniform.                                                                                                                             |
+| `validateAlwaysActiveEntry`   | `/harness` only                             | Throws on a malformed entry (`{}`, both fields empty). Call once per entry at the harness boundary so a typo fails loud at config time rather than silently dropping the entry on every `stream()`.                                                                                                                                                                 |
 
 Minimal skeleton:
 

package/dist/agent-manager.d.ts

@@ -3,6 +3,7 @@ import { type AgentHarness, type ConfigOf } from './harness/agent-harness.js';
 import type { HarnessFactory } from './harness/harness-factory.js';
 import { type AgentConfig } from './harness/harness-config.js';
 import { type Agent } from './agent.js';
+import type { HooksForAgent } from './types/redaction.js';
 import type { TelemetryEventCallback } from './types/telemetry-events.js';
 import { type AgentConnectivityResolver } from './agent-connectivity-resolver.js';
 /**
@@ -124,6 +125,7 @@ export declare class DefaultAgentManager<H extends AgentHarness = AgentHarness>
     private readonly harness;
     private readonly agentIdGenerator;
     private readonly agentConnectivityResolver;
+    private readonly hooksForAgent;
     private readonly clock;
     private readonly identityStore;
     private readonly agents;
@@ -144,7 +146,7 @@ export declare class DefaultAgentManager<H extends AgentHarness = AgentHarness>
      * is private, so this is the only way to obtain an instance, but
      * consumers should always go through {@link createAgentManager}.
      */
-    static __build<H extends AgentHarness>(harness: H, agentConnectivityResolver: AgentConnectivityResolver, storageRootFolder: string, agentIdGenerator: UniqueIDGenerator, clock: Clock, logBus: LogBus): Promise<DefaultAgentManager<H>>;
+    static __build<H extends AgentHarness>(harness: H, agentConnectivityResolver: AgentConnectivityResolver, hooksForAgent: HooksForAgent | undefined, storageRootFolder: string, agentIdGenerator: UniqueIDGenerator, clock: Clock, logBus: LogBus): Promise<DefaultAgentManager<H>>;
     private init;
     shutdown(): Promise<void>;
     createAgent(projectRoot: string, config?: ConfigOf<H> & {
@@ -189,14 +191,25 @@ export declare class DefaultAgentManager<H extends AgentHarness = AgentHarness>
  * function returns; failures are queryable via
  * {@link AgentManager.getRestoreFailures}.
  *
- * The optional `connectivityResolver` overrides the default
- * `DefaultAgentConnectivityResolver` — used by e2e tests and custom-auth
- * deployments where the SDK should not run sf-CLI-based org resolution.
- * Production callers leave it unset.
+ * The optional third-positional `options` bag carries the SDK's per-manager
+ * opt-ins. Production callers typically leave it unset:
+ *
+ * - `connectivityResolver` — overrides the default
+ *   `DefaultAgentConnectivityResolver`; used by e2e tests and custom-auth
+ *   deployments where the SDK should not run sf-CLI-based org resolution.
+ * - `hooksForAgent` — sync callback resolving a per-agent
+ *   {@link AgentHooks} bag (today carries `onToolResult`); invoked once per
+ *   `createAgent`, boot-time restore, and `Agent.updateAgentConfig`. The
+ *   resolved bag threads through to `AgentHarness.createAgent`'s
+ *   `options.hooks` and reaches the harness's native seam (Claude
+ *   `PostToolUse`, Mastra `processInputStep`).
  *
  * @throws {AgentSDKError} `INCOMPATIBLE_HARNESS` when either the factory or
  *   the constructed harness reports a `protocolVersion` outside
  *   {@link SUPPORTED_PROTOCOL_VERSIONS}, or when the harness's reported
  *   version disagrees with the factory's.
  */
-export declare function createAgentManager<H extends AgentHarness = AgentHarness>(storageRootFolder: string, harnessFactory: HarnessFactory<H>, connectivityResolver?: AgentConnectivityResolver): Promise<AgentManager<H>>;
+export declare function createAgentManager<H extends AgentHarness = AgentHarness>(storageRootFolder: string, harnessFactory: HarnessFactory<H>, options?: {
+    connectivityResolver?: AgentConnectivityResolver;
+    hooksForAgent?: HooksForAgent;
+}): Promise<AgentManager<H>>;

package/dist/agent-manager.js

@@ -25,6 +25,7 @@ export class DefaultAgentManager {
     harness;
     agentIdGenerator;
     agentConnectivityResolver;
+    hooksForAgent;
     clock;
     identityStore;
     agents = new Map();
@@ -34,9 +35,10 @@ export class DefaultAgentManager {
     router;
     unroutedUnsubs;
     disposed = false;
-    constructor(harness, agentConnectivityResolver, identityStore, agentIdGenerator, clock, logBus) {
+    constructor(harness, agentConnectivityResolver, hooksForAgent, identityStore, agentIdGenerator, clock, logBus) {
         this.harness = harness;
         this.agentConnectivityResolver = agentConnectivityResolver;
+        this.hooksForAgent = hooksForAgent;
         this.identityStore = identityStore;
         this.agentIdGenerator = agentIdGenerator;
         this.clock = clock;
@@ -57,9 +59,9 @@ export class DefaultAgentManager {
      * is private, so this is the only way to obtain an instance, but
      * consumers should always go through {@link createAgentManager}.
      */
-    static async __build(harness, agentConnectivityResolver, storageRootFolder, agentIdGenerator, clock, logBus) {
+    static async __build(harness, agentConnectivityResolver, hooksForAgent, storageRootFolder, agentIdGenerator, clock, logBus) {
         const identityStore = new AgentIdentityStore(storageRootFolder, harness.harnessId, logBus);
-        const manager = new DefaultAgentManager(harness, agentConnectivityResolver, identityStore, agentIdGenerator, clock, logBus);
+        const manager = new DefaultAgentManager(harness, agentConnectivityResolver, hooksForAgent, identityStore, agentIdGenerator, clock, logBus);
         await manager.init();
         return manager;
     }
@@ -155,9 +157,10 @@ export class DefaultAgentManager {
             throw new Error(`projectRoot is not a directory: "${projectRoot}"`);
         }
         const runtime = await this.agentConnectivityResolver.resolve(projectRoot, config);
-        await this.harness.createAgent(agentId, projectRoot, runtime.llmGatewayClient, toHarnessConfig(config, runtime.orgJwt), options.abortSignal !== undefined ? { abortSignal: options.abortSignal } : undefined);
+        const hooks = this.hooksForAgent?.(agentId, config) ?? {};
+        await this.harness.createAgent(agentId, projectRoot, runtime.llmGatewayClient, toHarnessConfig(config, runtime.orgJwt), { ...(options.abortSignal !== undefined ? { abortSignal: options.abortSignal } : {}), hooks });
         const agentSlice = this.router.registerAgent(agentId);
-        const agent = new DefaultAgent(this.harness, agentId, projectRoot, config, runtime.llmGatewayClient, runtime.orgConnection, runtime.orgJwt, this.agentConnectivityResolver, this.identityStore, this.router, agentSlice, { telemetry: this.telemetryBus, log: this.logBus }, this.clock, this.agentIdGenerator);
+        const agent = new DefaultAgent(this.harness, agentId, projectRoot, config, runtime.llmGatewayClient, runtime.orgConnection, runtime.orgJwt, this.agentConnectivityResolver, this.hooksForAgent, this.identityStore, this.router, agentSlice, { telemetry: this.telemetryBus, log: this.logBus }, this.clock, this.agentIdGenerator);
         this.agents.set(agentId, agent);
         this.telemetryBus.emit({
             type: 'agent-created',
@@ -262,17 +265,25 @@ export class DefaultAgentManager {
  * function returns; failures are queryable via
  * {@link AgentManager.getRestoreFailures}.
  *
- * The optional `connectivityResolver` overrides the default
- * `DefaultAgentConnectivityResolver` — used by e2e tests and custom-auth
- * deployments where the SDK should not run sf-CLI-based org resolution.
- * Production callers leave it unset.
+ * The optional third-positional `options` bag carries the SDK's per-manager
+ * opt-ins. Production callers typically leave it unset:
+ *
+ * - `connectivityResolver` — overrides the default
+ *   `DefaultAgentConnectivityResolver`; used by e2e tests and custom-auth
+ *   deployments where the SDK should not run sf-CLI-based org resolution.
+ * - `hooksForAgent` — sync callback resolving a per-agent
+ *   {@link AgentHooks} bag (today carries `onToolResult`); invoked once per
+ *   `createAgent`, boot-time restore, and `Agent.updateAgentConfig`. The
+ *   resolved bag threads through to `AgentHarness.createAgent`'s
+ *   `options.hooks` and reaches the harness's native seam (Claude
+ *   `PostToolUse`, Mastra `processInputStep`).
  *
  * @throws {AgentSDKError} `INCOMPATIBLE_HARNESS` when either the factory or
  *   the constructed harness reports a `protocolVersion` outside
  *   {@link SUPPORTED_PROTOCOL_VERSIONS}, or when the harness's reported
  *   version disagrees with the factory's.
  */
-export async function createAgentManager(storageRootFolder, harnessFactory, connectivityResolver) {
+export async function createAgentManager(storageRootFolder, harnessFactory, options) {
     let stats;
     try {
         stats = await stat(storageRootFolder);
@@ -306,8 +317,8 @@ export async function createAgentManager(storageRootFolder, harnessFactory, conn
             `advertised version ${factoryVersion} (SDK supports: ${SUPPORTED_PROTOCOL_VERSIONS.join(', ')}). ` +
             `Update the SDK or harness package.`, AgentSDKErrorType.INCOMPATIBLE_HARNESS);
     }
-    const agentConnectivityResolver = connectivityResolver ?? new DefaultAgentConnectivityResolver();
-    return DefaultAgentManager.__build(harness, agentConnectivityResolver, storageRootFolder, new UUIDGenerator(), new RealClock(), new LogBus());
+    const agentConnectivityResolver = options?.connectivityResolver ?? new DefaultAgentConnectivityResolver();
+    return DefaultAgentManager.__build(harness, agentConnectivityResolver, options?.hooksForAgent, storageRootFolder, new UUIDGenerator(), new RealClock(), new LogBus());
 }
 function isSupportedProtocolVersion(version) {
     return (typeof version === 'number' &&

package/dist/agent.d.ts

@@ -7,6 +7,7 @@ import { type JSONWebToken, type LLMGatewayClient } from '@salesforce/llm-gatewa
 import { type AgentConnectivityResolver } from './agent-connectivity-resolver.js';
 import type { AgentIdentityStore } from './internal/agent-identity-store.js';
 import type { TelemetryRouter, TelemetrySlice } from './internal/telemetry-router.js';
+import type { HooksForAgent } from './types/redaction.js';
 import type { TelemetryBus, TelemetryEventCallback } from './types/telemetry-events.js';
 /**
  * Parent bus pair wired at construction time so an agent's events bubble upward into the manager's buses.
@@ -44,8 +45,13 @@ export interface Agent {
     /**
      * Request a reconnect of one MCP server on this agent without recycling
      * any other server, custom tool, instruction, or skill. Useful for
-     * recovering a single failed MCP server without paying the full
-     * `updateAgentConfig` destroy/recreate cost.
+     * recovering a single failed MCP server after a transport-level error
+     * (e.g. JWT-rotation timing on stdio servers, transient EOF on remote
+     * transports). For the diff-driven case — `Agent.updateAgentConfig`
+     * applying a new `MCPConfiguration` — the harness already preserves any
+     * server whose config is structurally unchanged and cycles only the
+     * changed/added/removed servers; an explicit `reconnectMcpServer` call
+     * is **not** required there.
      *
      * Throws if `serverName` is not configured on this agent or if the named
      * server is disabled (`enabled: false`).
@@ -132,6 +138,7 @@ export declare class DefaultAgent implements Agent {
     private orgConnection;
     private orgJwt;
     private readonly agentConnectivityResolver;
+    private readonly hooksForAgent;
     private readonly identityStore;
     private readonly sessions;
     private readonly sessionSliceUnregisters;
@@ -152,13 +159,17 @@ export declare class DefaultAgent implements Agent {
      * @param orgConnection - Authenticated org connection carrying identity and env inference.
      * @param orgJwt - Self-refreshing JWT for the resolved org (used for MCP auth injection).
      * @param agentConnectivityResolver - Used to re-resolve org connectivity when the org or model changes.
+     * @param hooksForAgent - Per-agent hooks resolver supplied by the SDK consumer at `createAgentManager` time. The
+     *     agent re-invokes it on every `updateAgentConfig` (with `nextConfig`, and again with `previousConfig` on the
+     *     rollback path) so the bag the harness sees always reflects the current persisted config. `undefined` when
+     *     the consumer didn't pass a `hooksForAgent`.
      * @param identityStore - SDK-owned persistence for the `{ agentId, projectRoot, AgentConfig }` triple. The agent
      *     calls `write()` on a successful `updateAgentConfig` so disk state and in-memory state stay in lockstep.
      * @param router - Telemetry router used to obtain session slices when sessions are created.
      * @param inbound - Router slice delivering harness events routed to this agent (non-session-scoped).
      * @param parent - Manager's bus pair; this agent forwards its events upward into them.
      */
-    constructor(harness: AgentHarness, agentId: string, projectRoot: string, config: AgentConfig, llmGatewayClient: LLMGatewayClient, orgConnection: OrgConnection, orgJwt: JSONWebToken, agentConnectivityResolver: AgentConnectivityResolver, identityStore: AgentIdentityStore, router: TelemetryRouter, inbound: TelemetrySlice, parent: AgentParentBuses, clock?: Clock, idGenerator?: UniqueIDGenerator);
+    constructor(harness: AgentHarness, agentId: string, projectRoot: string, config: AgentConfig, llmGatewayClient: LLMGatewayClient, orgConnection: OrgConnection, orgJwt: JSONWebToken, agentConnectivityResolver: AgentConnectivityResolver, hooksForAgent: HooksForAgent | undefined, identityStore: AgentIdentityStore, router: TelemetryRouter, inbound: TelemetrySlice, parent: AgentParentBuses, clock?: Clock, idGenerator?: UniqueIDGenerator);
     /**
      * @requirements
      * - MUST return the agent's ID.
@@ -178,11 +189,17 @@ export declare class DefaultAgent implements Agent {
      * @requirements
      * - MUST merge the provided `config` with the internal `config` object.
      * - MUST guarantee that the `agentId` remains unchanged during the merge.
-     * - MUST destroy the existing agent in the harness by delegating to `this.harness.destroyAgent(this.getId())`.
-     * - MUST recreate the agent in the harness with the newly merged configuration by delegating to `this.harness.createAgent(...)`.
-     * - MUST persist the merged config via `this.identityStore.write(...)` after the harness recreate succeeds and
-     *   before the in-memory swaps, so a write failure rolls back through the same catch path as a recreate failure.
-     * - MUST preserve the previous in-memory config state if recreation or persistence fails.
+     * - MUST apply the merged config to the harness via `this.harness.updateAgent(...)` — a single primitive
+     *   that preserves any MCP client whose `MCPServerConfig` is structurally equal to the currently-applied one.
+     *   The destroy+recreate shape this method used pre-#541 closed every MCP client on a model-only or
+     *   instructions-only or org-connect-only change; the new shape preserves them and only cycles servers
+     *   that actually changed.
+     * - MUST persist the merged config via `this.identityStore.write(...)` after `harness.updateAgent` succeeds
+     *   and before the in-memory swaps, so a write failure rolls back through the same catch path as an
+     *   `updateAgent` failure.
+     * - MUST preserve the previous in-memory config state if `updateAgent` or persistence fails. Rollback
+     *   uses the same `harness.updateAgent` primitive against the previous config — the harness re-diffs
+     *   against its current (possibly partially-updated) state and reverts only the actual deltas.
      */
     updateAgentConfig(config?: AgentConfig, options?: {
         abortSignal?: AbortSignal;

package/dist/agent.js

@@ -21,6 +21,7 @@ export class DefaultAgent {
     orgConnection;
     orgJwt;
     agentConnectivityResolver;
+    hooksForAgent;
     identityStore;
     sessions = new Map();
     sessionSliceUnregisters = new Map();
@@ -41,13 +42,17 @@ export class DefaultAgent {
      * @param orgConnection - Authenticated org connection carrying identity and env inference.
      * @param orgJwt - Self-refreshing JWT for the resolved org (used for MCP auth injection).
      * @param agentConnectivityResolver - Used to re-resolve org connectivity when the org or model changes.
+     * @param hooksForAgent - Per-agent hooks resolver supplied by the SDK consumer at `createAgentManager` time. The
+     *     agent re-invokes it on every `updateAgentConfig` (with `nextConfig`, and again with `previousConfig` on the
+     *     rollback path) so the bag the harness sees always reflects the current persisted config. `undefined` when
+     *     the consumer didn't pass a `hooksForAgent`.
      * @param identityStore - SDK-owned persistence for the `{ agentId, projectRoot, AgentConfig }` triple. The agent
      *     calls `write()` on a successful `updateAgentConfig` so disk state and in-memory state stay in lockstep.
      * @param router - Telemetry router used to obtain session slices when sessions are created.
      * @param inbound - Router slice delivering harness events routed to this agent (non-session-scoped).
      * @param parent - Manager's bus pair; this agent forwards its events upward into them.
      */
-    constructor(harness, agentId, projectRoot, config, llmGatewayClient, orgConnection, orgJwt, agentConnectivityResolver, identityStore, router, inbound, parent, clock = new RealClock(), idGenerator = new UUIDGenerator()) {
+    constructor(harness, agentId, projectRoot, config, llmGatewayClient, orgConnection, orgJwt, agentConnectivityResolver, hooksForAgent, identityStore, router, inbound, parent, clock = new RealClock(), idGenerator = new UUIDGenerator()) {
         this.harness = harness;
         this.agentId = agentId;
         this.projectRoot = projectRoot;
@@ -56,6 +61,7 @@ export class DefaultAgent {
         this.orgConnection = orgConnection;
         this.orgJwt = orgJwt;
         this.agentConnectivityResolver = agentConnectivityResolver;
+        this.hooksForAgent = hooksForAgent;
         this.identityStore = identityStore;
         this.router = router;
         this.clock = clock;
@@ -100,11 +106,17 @@ export class DefaultAgent {
      * @requirements
      * - MUST merge the provided `config` with the internal `config` object.
      * - MUST guarantee that the `agentId` remains unchanged during the merge.
-     * - MUST destroy the existing agent in the harness by delegating to `this.harness.destroyAgent(this.getId())`.
-     * - MUST recreate the agent in the harness with the newly merged configuration by delegating to `this.harness.createAgent(...)`.
-     * - MUST persist the merged config via `this.identityStore.write(...)` after the harness recreate succeeds and
-     *   before the in-memory swaps, so a write failure rolls back through the same catch path as a recreate failure.
-     * - MUST preserve the previous in-memory config state if recreation or persistence fails.
+     * - MUST apply the merged config to the harness via `this.harness.updateAgent(...)` — a single primitive
+     *   that preserves any MCP client whose `MCPServerConfig` is structurally equal to the currently-applied one.
+     *   The destroy+recreate shape this method used pre-#541 closed every MCP client on a model-only or
+     *   instructions-only or org-connect-only change; the new shape preserves them and only cycles servers
+     *   that actually changed.
+     * - MUST persist the merged config via `this.identityStore.write(...)` after `harness.updateAgent` succeeds
+     *   and before the in-memory swaps, so a write failure rolls back through the same catch path as an
+     *   `updateAgent` failure.
+     * - MUST preserve the previous in-memory config state if `updateAgent` or persistence fails. Rollback
+     *   uses the same `harness.updateAgent` primitive against the previous config — the harness re-diffs
+     *   against its current (possibly partially-updated) state and reverts only the actual deltas.
      */
     async updateAgentConfig(config = {}, options) {
         this.assertNotDisposed();
@@ -129,13 +141,14 @@ export class DefaultAgent {
             // (If modelId is omitted, the resolver pinned the default at creation time.)
             nextClient.setModel(nextModel);
         }
-        await this.harness.destroyAgent(this.agentId);
-        let nextConfigRegistered = false;
         try {
-            await this.harness.createAgent(this.agentId, this.projectRoot, nextClient, toHarnessConfig(nextConfig, nextOrgJwt), options);
-            nextConfigRegistered = true;
+            const nextHooks = this.hooksForAgent?.(this.agentId, nextConfig) ?? {};
+            await this.harness.updateAgent(this.agentId, nextClient, toHarnessConfig(nextConfig, nextOrgJwt), {
+                ...(options?.abortSignal !== undefined ? { abortSignal: options.abortSignal } : {}),
+                hooks: nextHooks,
+            });
             // Persist before the in-memory swaps so a write failure flows through the same
-            // catch block as a recreate failure: the rollback restores the harness with
+            // catch block as an updateAgent failure: the rollback re-runs updateAgent against
             // previousConfig and disk state remains the pre-update record.
             await this.identityStore.write(this.agentId, this.projectRoot, nextConfig);
             this.config = nextConfig;
@@ -158,15 +171,11 @@ export class DefaultAgent {
                 if (nextClient === previousClient) {
                     previousClient.setModel(previousModel);
                 }
-                // Clear nextConfig registration only when the harness recreate
-                // actually succeeded (identityStore.write-failure path) — the
-                // harness throws on unknown id, so calling destroyAgent on the
-                // harness-recreate-failure path would short-circuit the rollback
-                // createAgent below.
-                if (nextConfigRegistered) {
-                    await this.harness.destroyAgent(this.agentId);
-                }
-                await this.harness.createAgent(this.agentId, this.projectRoot, previousClient, toHarnessConfig(previousConfig, previousOrgJwt));
+                // Re-apply the previous config through the same primitive. The harness re-diffs
+                // against its current state — if updateAgent partially applied (e.g. some MCP
+                // servers were already cycled), reverting via updateAgent restores them too.
+                const previousHooks = this.hooksForAgent?.(this.agentId, previousConfig) ?? {};
+                await this.harness.updateAgent(this.agentId, previousClient, toHarnessConfig(previousConfig, previousOrgJwt), { hooks: previousHooks });
             }
             catch {
                 // Ignore restoration errors; rethrow the original failure.