@vfarcic/dot-ai 1.10.2 → 1.12.0

package/dist/core/ai-provider-factory.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ai-provider-factory.d.ts","sourceRoot":"","sources":["../../src/core/ai-provider-factory.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,UAAU,EACV,gBAAgB,EACjB,MAAM,yBAAyB,CAAC;AA6BjC;;;;;;;;;;;;;;GAcG;AACH,qBAAa,iBAAiB;IAC5B;;;;;;OAMG;IACH,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,gBAAgB,GAAG,UAAU;IA2BnD;;;;;;;;;;OAUG;IACH,MAAM,CAAC,aAAa,IAAI,UAAU;IAoFlC;;;;;OAKG;IACH,MAAM,CAAC,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAWrD;;;;OAIG;IACH,MAAM,CAAC,qBAAqB,IAAI,MAAM,EAAE;IAMxC;;;;;OAKG;IACH,MAAM,CAAC,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;CAGxD;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,UAAU,CAE7C"}
+{"version":3,"file":"ai-provider-factory.d.ts","sourceRoot":"","sources":["../../src/core/ai-provider-factory.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,UAAU,EACV,gBAAgB,EACjB,MAAM,yBAAyB,CAAC;AA8BjC;;;;;;;;;;;;;;GAcG;AACH,qBAAa,iBAAiB;IAC5B;;;;;;OAMG;IACH,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,gBAAgB,GAAG,UAAU;IA2BnD;;;;;;;;;;OAUG;IACH,MAAM,CAAC,aAAa,IAAI,UAAU;IAoFlC;;;;;OAKG;IACH,MAAM,CAAC,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAWrD;;;;OAIG;IACH,MAAM,CAAC,qBAAqB,IAAI,MAAM,EAAE;IAMxC;;;;;OAKG;IACH,MAAM,CAAC,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;CAGxD;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,UAAU,CAE7C"}

package/dist/core/ai-provider-factory.js

@@ -28,6 +28,7 @@ const PROVIDER_ENV_KEYS = {
     google: 'GOOGLE_GENERATIVE_AI_API_KEY', // Standard Vercel AI SDK env var (also checks GOOGLE_API_KEY as fallback)
     google_flash: 'GOOGLE_GENERATIVE_AI_API_KEY', // PRD #294: Uses same API key as regular Google
     kimi: 'MOONSHOT_API_KEY', // PRD #353: Moonshot AI Kimi K2.5
+    alibaba: 'ALIBABA_API_KEY', // PRD #382: Alibaba Qwen 3.5 Plus
     xai: 'XAI_API_KEY',
 };
 const IMPLEMENTED_PROVIDERS = Object.keys(model_config_1.CURRENT_MODELS);

package/dist/core/error-handling.js

@@ -109,7 +109,7 @@ class ConsoleLogger {
         const timestamp = new Date().toISOString();
         const baseMessage = `[${timestamp}] ${level.toUpperCase()} [${this.component}] ${message}`;
         if (data) {
-            return `${baseMessage} ${JSON.stringify(data, null, 2)}`;
+            return `${baseMessage} ${JSON.stringify(data)}`;
         }
         return baseMessage;
     }

package/dist/core/git-utils.d.ts

@@ -23,6 +23,11 @@ export declare function scrubCredentials(message: string): string;
 export declare function getAuthenticatedUrl(repoUrl: string, token: string): string;
 export declare function getAuthToken(authConfig: GitAuthConfig): Promise<string>;
 export declare function getGitAuthConfigFromEnv(): GitAuthConfig;
+/**
+ * Sanitize a relative path to prevent directory traversal.
+ * Rejects absolute paths and paths that escape the base directory.
+ */
+export declare function sanitizeRelativePath(relativePath: string): string;
 export interface CloneOptions {
     branch?: string;
     depth?: number;

package/dist/core/git-utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"git-utils.d.ts","sourceRoot":"","sources":["../../src/core/git-utils.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAYH,MAAM,WAAW,aAAa;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE;QACV,KAAK,EAAE,MAAM,CAAC;QACd,UAAU,EAAE,MAAM,CAAC;QACnB,cAAc,CAAC,EAAE,MAAM,CAAC;KACzB,CAAC;CACH;AASD,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAIxD;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAK1E;AA2ED,wBAAsB,YAAY,CAAC,UAAU,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAc7E;AAED,wBAAgB,uBAAuB,IAAI,aAAa,CAyBvD;AAeD,MAAM,WAAW,YAAY;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,wBAAsB,SAAS,CAC7B,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,IAAI,CAAC,EAAE,YAAY,GAClB,OAAO,CAAC;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CA6BhD;AAID,wBAAsB,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;IAAE,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CA8B5E;AAID,MAAM,WAAW,WAAW;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;CAC1C;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,wBAAsB,QAAQ,CAC5B,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,EAC/C,aAAa,EAAE,MAAM,EACrB,IAAI,CAAC,EAAE,WAAW,GACjB,OAAO,CAAC,UAAU,CAAC,CAyErB"}
+{"version":3,"file":"git-utils.d.ts","sourceRoot":"","sources":["../../src/core/git-utils.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAYH,MAAM,WAAW,aAAa;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE;QACV,KAAK,EAAE,MAAM,CAAC;QACd,UAAU,EAAE,MAAM,CAAC;QACnB,cAAc,CAAC,EAAE,MAAM,CAAC;KACzB,CAAC;CACH;AASD,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAIxD;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAK1E;AA2ED,wBAAsB,YAAY,CAAC,UAAU,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAc7E;AAED,wBAAgB,uBAAuB,IAAI,aAAa,CAyBvD;AAeD;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CASjE;AAID,MAAM,WAAW,YAAY;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,wBAAsB,SAAS,CAC7B,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,IAAI,CAAC,EAAE,YAAY,GAClB,OAAO,CAAC;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CA6BhD;AAID,wBAAsB,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;IAAE,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CA8B5E;AAID,MAAM,WAAW,WAAW;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;CAC1C;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,wBAAsB,QAAQ,CAC5B,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,EAC/C,aAAa,EAAE,MAAM,EACrB,IAAI,CAAC,EAAE,WAAW,GACjB,OAAO,CAAC,UAAU,CAAC,CAyErB"}

package/dist/core/git-utils.js

@@ -53,6 +53,7 @@ exports.scrubCredentials = scrubCredentials;
 exports.getAuthenticatedUrl = getAuthenticatedUrl;
 exports.getAuthToken = getAuthToken;
 exports.getGitAuthConfigFromEnv = getGitAuthConfigFromEnv;
+exports.sanitizeRelativePath = sanitizeRelativePath;
 exports.cloneRepo = cloneRepo;
 exports.pullRepo = pullRepo;
 exports.pushRepo = pushRepo;
@@ -161,6 +162,21 @@ function gitOptions(baseDir) {
         timeout: { block: GIT_TIMEOUT_MS },
     };
 }
+// ─── Path safety ───
+/**
+ * Sanitize a relative path to prevent directory traversal.
+ * Rejects absolute paths and paths that escape the base directory.
+ */
+function sanitizeRelativePath(relativePath) {
+    if (relativePath.startsWith('/')) {
+        throw new Error('Relative path cannot be absolute');
+    }
+    const normalized = path.posix.normalize(relativePath);
+    if (normalized.startsWith('..') || path.posix.isAbsolute(normalized)) {
+        throw new Error('Relative path cannot escape target directory');
+    }
+    return normalized;
+}
 async function cloneRepo(repoUrl, targetDir, opts) {
     const authConfig = getGitAuthConfigFromEnv();
     let cloneUrl;

package/dist/core/internal-tools.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Internal Agentic-Loop Tools (PRD #407)
+ *
+ * Tools that run locally in the MCP server, available to the AI
+ * during investigation loops alongside plugin tools. NOT exposed
+ * to client agents — only the AI inside toolLoop() calls these.
+ *
+ * Tools:
+ * - git_clone: Clone a Git repo
+ * - fs_list: List files at a path
+ * - fs_read: Read a file at a path
+ *
+ * All filesystem operations are scoped to ./tmp/gitops-clones/
+ * to prevent path traversal attacks.
+ */
+import type { AITool, ToolExecutor } from './ai-provider.interface.js';
+/**
+ * Validate that a relative path is safe and resolve it within the clones directory.
+ * Uses sanitizeRelativePath for traversal checks, then resolves to absolute.
+ * Exported for testing.
+ */
+export declare function validatePathWithinClones(inputPath: string): string;
+export declare function getInternalTools(): AITool[];
+/**
+ * Create a ToolExecutor that handles internal agentic-loop tools.
+ * Designed to be passed as the fallbackExecutor to pluginManager.createToolExecutor().
+ */
+export declare function createInternalToolExecutor(sessionId: string): ToolExecutor;
+/**
+ * Remove session clone directories older than the TTL.
+ * Called at the start of each new remediate investigation.
+ * Non-blocking: runs cleanup in the background without delaying investigation.
+ */
+export declare function cleanupOldClones(maxAgeMs?: number): void;
+//# sourceMappingURL=internal-tools.d.ts.map

package/dist/core/internal-tools.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"internal-tools.d.ts","sourceRoot":"","sources":["../../src/core/internal-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAIH,OAAO,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAcvE;;;;GAIG;AACH,wBAAgB,wBAAwB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAUlE;AAkBD,wBAAgB,gBAAgB,IAAI,MAAM,EAAE,CAgD3C;AAmHD;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,SAAS,EAAE,MAAM,GAAG,YAAY,CAoB1E;AAID;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,GAAE,MAAuB,GAAG,IAAI,CAoBxE"}

package/dist/core/internal-tools.js

@@ -0,0 +1,286 @@
+"use strict";
+/**
+ * Internal Agentic-Loop Tools (PRD #407)
+ *
+ * Tools that run locally in the MCP server, available to the AI
+ * during investigation loops alongside plugin tools. NOT exposed
+ * to client agents — only the AI inside toolLoop() calls these.
+ *
+ * Tools:
+ * - git_clone: Clone a Git repo
+ * - fs_list: List files at a path
+ * - fs_read: Read a file at a path
+ *
+ * All filesystem operations are scoped to ./tmp/gitops-clones/
+ * to prevent path traversal attacks.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validatePathWithinClones = validatePathWithinClones;
+exports.getInternalTools = getInternalTools;
+exports.createInternalToolExecutor = createInternalToolExecutor;
+exports.cleanupOldClones = cleanupOldClones;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const git_utils_js_1 = require("./git-utils.js");
+const solution_utils_js_1 = require("./solution-utils.js");
+const CLONES_SUBDIR = 'gitops-clones';
+const MAX_FILE_SIZE = 100 * 1024; // 100KB
+const DEFAULT_TTL_MS = 60 * 60 * 1000; // 1 hour
+// ─── Path security ───
+function getClonesDir() {
+    return path.resolve(process.cwd(), 'tmp', CLONES_SUBDIR);
+}
+/**
+ * Validate that a relative path is safe and resolve it within the clones directory.
+ * Uses sanitizeRelativePath for traversal checks, then resolves to absolute.
+ * Exported for testing.
+ */
+function validatePathWithinClones(inputPath) {
+    // Decode URL-encoded characters (e.g., %2e%2e/ for ../) before validation
+    let decoded;
+    try {
+        decoded = decodeURIComponent(inputPath);
+    }
+    catch {
+        decoded = inputPath;
+    }
+    const sanitized = (0, git_utils_js_1.sanitizeRelativePath)(decoded);
+    return path.resolve(getClonesDir(), sanitized);
+}
+// ─── Repo name sanitization ───
+function repoUrlToDirectoryName(repoUrl) {
+    try {
+        const url = new URL(repoUrl);
+        const repoPath = url.pathname
+            .replace(/^\//, '')
+            .replace(/\.git$/, '');
+        return (0, solution_utils_js_1.sanitizeIntentForLabel)(repoPath);
+    }
+    catch {
+        return (0, solution_utils_js_1.sanitizeIntentForLabel)(repoUrl.slice(0, 63));
+    }
+}
+// ─── Tool definitions ───
+function getInternalTools() {
+    return [
+        {
+            name: 'git_clone',
+            description: 'Clone a Git repository. Returns a relative path to the cloned repo.',
+            inputSchema: {
+                type: 'object',
+                properties: {
+                    repoUrl: {
+                        type: 'string',
+                        description: 'Repository URL (HTTPS)',
+                    },
+                },
+                required: ['repoUrl'],
+            },
+        },
+        {
+            name: 'fs_list',
+            description: 'List files and directories at a relative path within the working directory.',
+            inputSchema: {
+                type: 'object',
+                properties: {
+                    path: {
+                        type: 'string',
+                        description: 'Relative path to list',
+                    },
+                },
+                required: ['path'],
+            },
+        },
+        {
+            name: 'fs_read',
+            description: 'Read file contents at a relative path within the working directory.',
+            inputSchema: {
+                type: 'object',
+                properties: {
+                    path: {
+                        type: 'string',
+                        description: 'Relative path to file',
+                    },
+                },
+                required: ['path'],
+            },
+        },
+    ];
+}
+// ─── Handlers ───
+async function handleGitClone(args, sessionId) {
+    const repoUrl = args.repoUrl;
+    if (!repoUrl) {
+        return 'Error: repoUrl is required';
+    }
+    const repoName = repoUrlToDirectoryName(repoUrl);
+    const relativePath = path.join(sessionId, repoName);
+    const targetDir = path.join(getClonesDir(), relativePath);
+    if (fs.existsSync(targetDir)) {
+        return { localPath: relativePath, message: 'Repository already cloned' };
+    }
+    const parentDir = path.dirname(targetDir);
+    if (!fs.existsSync(parentDir)) {
+        fs.mkdirSync(parentDir, { recursive: true });
+    }
+    try {
+        const result = await (0, git_utils_js_1.cloneRepo)(repoUrl, targetDir, { depth: 1 });
+        return { localPath: relativePath, branch: result.branch };
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        return `Error cloning repository: ${(0, git_utils_js_1.scrubCredentials)(message)}`;
+    }
+}
+function handleFsList(args) {
+    const inputPath = args.path;
+    if (!inputPath) {
+        return 'Error: path is required';
+    }
+    let resolved;
+    try {
+        resolved = validatePathWithinClones(inputPath);
+    }
+    catch (err) {
+        return `Error: ${err instanceof Error ? err.message : String(err)}`;
+    }
+    if (!fs.existsSync(resolved)) {
+        return `Error: path does not exist: ${inputPath}`;
+    }
+    const stat = fs.statSync(resolved);
+    if (!stat.isDirectory()) {
+        return `Error: path is not a directory: ${inputPath}`;
+    }
+    const entries = fs.readdirSync(resolved, { withFileTypes: true });
+    return entries.map((entry) => ({
+        name: entry.name,
+        type: entry.isDirectory() ? 'directory' : 'file',
+    }));
+}
+function handleFsRead(args) {
+    const inputPath = args.path;
+    if (!inputPath) {
+        return 'Error: path is required';
+    }
+    let resolved;
+    try {
+        resolved = validatePathWithinClones(inputPath);
+    }
+    catch (err) {
+        return `Error: ${err instanceof Error ? err.message : String(err)}`;
+    }
+    if (!fs.existsSync(resolved)) {
+        return `Error: file does not exist: ${inputPath}`;
+    }
+    const stat = fs.statSync(resolved);
+    if (stat.isDirectory()) {
+        return `Error: path is a directory, not a file: ${inputPath}`;
+    }
+    // Binary detection: check first 8KB for null bytes
+    const detectBuffer = Buffer.alloc(Math.min(8192, stat.size));
+    const fd = fs.openSync(resolved, 'r');
+    try {
+        fs.readSync(fd, detectBuffer, 0, detectBuffer.length, 0);
+    }
+    finally {
+        fs.closeSync(fd);
+    }
+    if (detectBuffer.includes(0)) {
+        return 'Binary file, cannot display';
+    }
+    if (stat.size > MAX_FILE_SIZE) {
+        const buffer = Buffer.alloc(MAX_FILE_SIZE);
+        const fd = fs.openSync(resolved, 'r');
+        try {
+            const bytesRead = fs.readSync(fd, buffer, 0, MAX_FILE_SIZE, 0);
+            const content = buffer.toString('utf-8', 0, bytesRead);
+            return `${content}\n\n[Truncated: file exceeds ${MAX_FILE_SIZE / 1024}KB limit]`;
+        }
+        finally {
+            fs.closeSync(fd);
+        }
+    }
+    return fs.readFileSync(resolved, 'utf-8');
+}
+// ─── Combined executor ───
+/**
+ * Create a ToolExecutor that handles internal agentic-loop tools.
+ * Designed to be passed as the fallbackExecutor to pluginManager.createToolExecutor().
+ */
+function createInternalToolExecutor(sessionId) {
+    const handlers = {
+        git_clone: (args) => handleGitClone(args, sessionId),
+        fs_list: handleFsList,
+        fs_read: handleFsRead,
+    };
+    return async (toolName, input) => {
+        const handler = handlers[toolName];
+        if (!handler) {
+            return `Error: unknown internal tool: ${toolName}`;
+        }
+        if (typeof input !== 'object' || input === null || Array.isArray(input)) {
+            return 'Error: tool input must be an object';
+        }
+        return handler(input);
+    };
+}
+// ─── TTL cleanup ───
+/**
+ * Remove session clone directories older than the TTL.
+ * Called at the start of each new remediate investigation.
+ * Non-blocking: runs cleanup in the background without delaying investigation.
+ */
+function cleanupOldClones(maxAgeMs = DEFAULT_TTL_MS) {
+    const clonesDir = getClonesDir();
+    fs.promises.access(clonesDir).then(async () => {
+        const now = Date.now();
+        const entries = await fs.promises.readdir(clonesDir);
+        for (const entry of entries) {
+            const entryPath = path.join(clonesDir, entry);
+            try {
+                const stat = await fs.promises.stat(entryPath);
+                if (stat.isDirectory() && now - stat.mtimeMs > maxAgeMs) {
+                    await fs.promises.rm(entryPath, { recursive: true, force: true });
+                }
+            }
+            catch {
+                // Ignore errors during cleanup (e.g., concurrent deletion)
+            }
+        }
+    }).catch(() => {
+        // Directory doesn't exist yet, nothing to clean
+    });
+}

package/dist/core/mcp-client-manager.d.ts

@@ -0,0 +1,88 @@
+/**
+ * MCP Client Manager for dot-ai MCP Server Integration
+ *
+ * Connects to external MCP servers running in the cluster, discovers their tools,
+ * and makes them available to dot-ai operations (remediate, operate, query) via
+ * the attachTo routing mechanism.
+ *
+ * PRD #358: MCP Server Integration
+ */
+import { McpServerConfig, DiscoveredMcpServer, McpServerStats, McpAttachableOperation } from './mcp-client-types';
+import { Logger } from './error-handling';
+import { AITool, ToolExecutor } from './ai-provider.interface';
+/**
+ * Manages MCP server connections, tool discovery, and tool routing.
+ *
+ * Follows the same structural patterns as PluginManager but uses
+ * the MCP SDK (Client + StreamableHTTPClientTransport) instead of HTTP REST.
+ */
+export declare class McpClientManager {
+    private readonly logger;
+    /** MCP SDK Client instances keyed by server name */
+    private readonly clients;
+    /** Transport instances keyed by server name (needed for cleanup) */
+    private readonly transports;
+    /** Discovered server metadata keyed by server name */
+    private readonly discoveredServers;
+    /** Maps namespaced tool name → server name for routing */
+    private readonly toolToServer;
+    constructor(logger: Logger);
+    /**
+     * Parse MCP server configuration from file.
+     *
+     * Reads from /etc/dot-ai-mcp/mcp-servers.json (mounted from ConfigMap in K8s).
+     * Returns empty array if file doesn't exist (MCP servers only work in-cluster).
+     * Throws on invalid JSON or malformed configuration.
+     */
+    static parseMcpServerConfig(): McpServerConfig[];
+    /**
+     * Discover all configured MCP servers.
+     *
+     * Connects to each server, performs MCP handshake, and discovers available tools.
+     * All servers must connect successfully — any failure throws McpDiscoveryError.
+     */
+    discoverMcpServers(configs: McpServerConfig[]): Promise<void>;
+    /**
+     * Connect to a single MCP server and discover its tools.
+     */
+    private connectAndDiscover;
+    /**
+     * Get tools available for a specific dot-ai operation, filtered by attachTo.
+     *
+     * Returns tools as AITool[] with namespaced names ({serverName}__{toolName}).
+     */
+    getToolsForOperation(operation: McpAttachableOperation): AITool[];
+    /**
+     * Get all discovered tools across all servers.
+     */
+    getAllDiscoveredTools(): AITool[];
+    /**
+     * Check if a tool name belongs to an MCP server (is namespaced).
+     */
+    isMcpTool(toolName: string): boolean;
+    /**
+     * Create a ToolExecutor that routes MCP tools to their servers.
+     *
+     * Returns a function compatible with toolLoop's toolExecutor parameter.
+     * MCP tools (namespaced) are routed to their MCP servers; non-MCP tools
+     * are routed to the optional fallback executor.
+     */
+    createToolExecutor(fallbackExecutor?: ToolExecutor): ToolExecutor;
+    /**
+     * Get statistics about MCP server connections.
+     */
+    getStats(): McpServerStats;
+    /**
+     * Get discovered server metadata.
+     */
+    getDiscoveredServers(): DiscoveredMcpServer[];
+    /**
+     * Close all MCP server connections.
+     */
+    close(): Promise<void>;
+    /**
+     * Convert an MCP tool definition to AITool format with namespaced name.
+     */
+    private convertToAITool;
+}
+//# sourceMappingURL=mcp-client-manager.d.ts.map

package/dist/core/mcp-client-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-client-manager.d.ts","sourceRoot":"","sources":["../../src/core/mcp-client-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,OAAO,EACL,eAAe,EAEf,mBAAmB,EACnB,cAAc,EAEd,sBAAsB,EACvB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAW/D;;;;;GAKG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAEhC,oDAAoD;IACpD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAkC;IAE1D,oEAAoE;IACpE,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAyD;IAEpF,sDAAsD;IACtD,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAA+C;IAEjF,0DAA0D;IAC1D,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAkC;gBAEnD,MAAM,EAAE,MAAM;IAI1B;;;;;;OAMG;IACH,MAAM,CAAC,oBAAoB,IAAI,eAAe,EAAE;IA+DhD;;;;;OAKG;IACG,kBAAkB,CAAC,OAAO,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAwCnE;;OAEG;YACW,kBAAkB;IAmGhC;;;;OAIG;IACH,oBAAoB,CAAC,SAAS,EAAE,sBAAsB,GAAG,MAAM,EAAE;IAoBjE;;OAEG;IACH,qBAAqB,IAAI,MAAM,EAAE;IAejC;;OAEG;IACH,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAIpC;;;;;;OAMG;IACH,kBAAkB,CAAC,gBAAgB,CAAC,EAAE,YAAY,GAAG,YAAY;IA6DjE;;OAEG;IACH,QAAQ,IAAI,cAAc;IAQ1B;;OAEG;IACH,oBAAoB,IAAI,mBAAmB,EAAE;IAI7C;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAkB5B;;OAEG;IACH,OAAO,CAAC,eAAe;CAYxB"}