agent-relay 2.0.12 → 2.0.14

package/packages/bridge/dist/spawner.js

@@ -23,6 +23,7 @@ import { AgentPolicyService } from '@agent-relay/policy';
 import { buildClaudeArgs, findAgentConfig } from '@agent-relay/config/agent-config';
 import { composeForAgent } from '@agent-relay/wrapper';
 import { getUserDirectoryService } from '@agent-relay/user-directory';
+import { installMcpConfig } from '@agent-relay/mcp';
 // Logger instance for spawner (uses daemon log system instead of console)
 const log = createLogger('spawner');
 /**
@@ -63,23 +64,67 @@ function extractGhTokenFromHosts(content) {
     return null;
 }
 /**
- * Ensure MCP permissions are pre-configured for Claude Code.
+ * Ensure MCP permissions are pre-configured for the given CLI type.
  * This prevents MCP approval prompts from blocking agent initialization.
  *
- * Creates/updates .claude/settings.local.json with:
+ * For Claude Code: Creates/updates .claude/settings.local.json with:
  * - enableAllProjectMcpServers: true (auto-approve project MCP servers)
- * - permissions.allow: ["mcp__agent-relay"] (pre-approve agent-relay MCP tools)
+ * - permissions.allow: ["mcp__agent-relay__*"] (pre-approve all agent-relay MCP tools)
+ *
+ * For Cursor: Creates/updates .cursor/settings.json with MCP permissions
+ * For Gemini: Creates/updates .gemini/settings.json with MCP permissions
+ * For Windsurf: Creates/updates .windsurf/settings.json with MCP permissions
+ * Other CLIs: May use CLI flags instead of config-based permissions
  *
  * @param projectRoot - The project root directory
+ * @param cliType - The CLI type (claude, codex, gemini, cursor, etc.)
  * @param debug - Whether to log debug information
  */
-function ensureMcpPermissions(projectRoot, debug = false) {
-    const settingsDir = path.join(projectRoot, '.claude');
-    const settingsPath = path.join(settingsDir, 'settings.local.json');
+export function ensureMcpPermissions(projectRoot, cliType, debug = false) {
+    const home = process.env.HOME || '';
+    const configMap = {
+        claude: {
+            // Use global settings for Claude
+            // enableAllProjectMcpServers enables project-local .mcp.json files
+            settingsDir: path.join(home, '.claude'),
+            settingsFile: 'settings.local.json',
+            permissionKey: 'permissions.allow',
+            enableAllKey: 'enableAllProjectMcpServers',
+        },
+        cursor: {
+            settingsDir: path.join(projectRoot, '.cursor'),
+            settingsFile: 'settings.json',
+            permissionKey: 'permissions.allow',
+        },
+        gemini: {
+            settingsDir: path.join(projectRoot, '.gemini'),
+            settingsFile: 'settings.json',
+            permissionKey: 'permissions.allow',
+        },
+        windsurf: {
+            settingsDir: path.join(projectRoot, '.windsurf'),
+            settingsFile: 'settings.json',
+            permissionKey: 'permissions.allow',
+        },
+        // Codex uses TOML config and --dangerously-bypass-approvals-and-sandbox flag
+        // OpenCode and Droid may not need config-based permissions
+    };
+    // Normalize CLI type
+    const normalizedCli = cliType.toLowerCase().replace(/^(claude|codex|gemini|cursor|agent|windsurf).*/, '$1');
+    // Map 'agent' (Cursor CLI) to 'cursor'
+    const effectiveCli = normalizedCli === 'agent' ? 'cursor' : normalizedCli;
+    const config = configMap[effectiveCli];
+    if (!config) {
+        // CLI doesn't use config-based MCP permissions (uses CLI flags instead)
+        if (debug)
+            log.debug(`CLI ${cliType} uses flag-based permissions, skipping config setup`);
+        return;
+    }
+    const settingsPath = path.join(config.settingsDir, config.settingsFile);
     try {
-        // Ensure .claude directory exists
-        if (!fs.existsSync(settingsDir)) {
-            fs.mkdirSync(settingsDir, { recursive: true });
+        // Ensure settings directory exists
+        if (!fs.existsSync(config.settingsDir)) {
+            fs.mkdirSync(config.settingsDir, { recursive: true });
         }
         // Read existing settings or start fresh
         let settings = {};
@@ -93,28 +138,39 @@ function ensureMcpPermissions(projectRoot, debug = false) {
                 settings = {};
             }
         }
-        // Set enableAllProjectMcpServers to auto-approve MCP servers in .mcp.json
-        if (settings.enableAllProjectMcpServers !== true) {
-            settings.enableAllProjectMcpServers = true;
+        // Set enableAllProjectMcpServers if supported (Claude-specific)
+        if (config.enableAllKey && settings[config.enableAllKey] !== true) {
+            settings[config.enableAllKey] = true;
             if (debug)
-                log.debug('Setting enableAllProjectMcpServers: true');
+                log.debug(`Setting ${config.enableAllKey}: true`);
         }
         // Ensure permissions.allow includes agent-relay MCP
-        // Format: "mcp__serverName" approves all tools from that server
-        if (!settings.permissions || typeof settings.permissions !== 'object') {
-            settings.permissions = {};
-        }
-        const permissions = settings.permissions;
-        if (!Array.isArray(permissions.allow)) {
-            permissions.allow = [];
-        }
-        const allowList = permissions.allow;
-        // Add agent-relay MCP permission if not already present
-        const agentRelayPermission = 'mcp__agent-relay';
-        if (!allowList.includes(agentRelayPermission)) {
-            allowList.push(agentRelayPermission);
-            if (debug)
-                log.debug(`Added MCP permission: ${agentRelayPermission}`);
+        if (config.permissionKey) {
+            // Parse nested key (e.g., 'permissions.allow')
+            const keyParts = config.permissionKey.split('.');
+            let current = settings;
+            // Navigate/create nested structure
+            for (let i = 0; i < keyParts.length - 1; i++) {
+                const key = keyParts[i];
+                if (!current[key] || typeof current[key] !== 'object') {
+                    current[key] = {};
+                }
+                current = current[key];
+            }
+            // Ensure allow list exists
+            const finalKey = keyParts[keyParts.length - 1];
+            if (!Array.isArray(current[finalKey])) {
+                current[finalKey] = [];
+            }
+            const allowList = current[finalKey];
+            // Add agent-relay MCP permission if not already present
+            // Format: mcp__<serverName>__* approves all tools from that server
+            const agentRelayPermission = 'mcp__agent-relay__*';
+            if (!allowList.includes(agentRelayPermission)) {
+                allowList.push(agentRelayPermission);
+                if (debug)
+                    log.debug(`Added MCP permission: ${agentRelayPermission}`);
+            }
         }
         // Write updated settings
         fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + '\n');
@@ -124,6 +180,7 @@ function ensureMcpPermissions(projectRoot, debug = false) {
     catch (err) {
         // Log but don't fail - this is a best-effort optimization
         log.warn('Failed to pre-configure MCP permissions', {
+            cli: cliType,
             error: err instanceof Error ? err.message : String(err),
         });
     }
@@ -544,14 +601,12 @@ export class AgentSpawner {
                 // Command wasn't resolved - it might not exist
                 log.warn(`Could not resolve path for '${commandName}', spawn may fail`);
             }
+            // Pre-configure MCP permissions for all supported CLIs
+            // This creates/updates CLI-specific settings files with agent-relay permissions
+            ensureMcpPermissions(this.projectRoot, commandName, debug);
             // Add --dangerously-skip-permissions for Claude agents
             const isClaudeCli = commandName.startsWith('claude');
             if (isClaudeCli) {
-                // Pre-configure MCP permissions to avoid approval prompts blocking initialization
-                // This creates/updates .claude/settings.local.json with:
-                // - enableAllProjectMcpServers: true
-                // - permissions.allow: ["mcp__agent-relay"]
-                ensureMcpPermissions(this.projectRoot, debug);
                 if (!args.includes('--dangerously-skip-permissions')) {
                     args.push('--dangerously-skip-permissions');
                 }
@@ -573,7 +628,7 @@ export class AgentSpawner {
                     ? mapModelToCli(modelFromProfile)
                     : mapModelToCli(); // defaults to claude:sonnet
                 // Extract effective model name for logging
-                const effectiveModel = modelFromProfile || 'sonnet';
+                const effectiveModel = modelFromProfile || 'opus';
                 const configuredArgs = buildClaudeArgs(name, args, this.projectRoot);
                 // Replace args with configured version (includes --model and --agent if found)
                 args.length = 0;
@@ -593,17 +648,44 @@ export class AgentSpawner {
             if (isGeminiCli && !args.includes('--yolo')) {
                 args.push('--yolo');
             }
+            // Auto-install MCP config if not present (project-local)
+            // Uses .mcp.json in the project root - doesn't modify global settings
+            const projectMcpConfigPath = path.join(this.projectRoot, '.mcp.json');
+            const mcpSocketPath = path.join(this.projectRoot, '.agent-relay', 'relay.sock');
+            const hasMcpConfig = fs.existsSync(projectMcpConfigPath);
+            if (!hasMcpConfig) {
+                try {
+                    const result = installMcpConfig(projectMcpConfigPath, {
+                        configKey: 'mcpServers',
+                        // Set RELAY_SOCKET so MCP server finds daemon regardless of CWD
+                        env: { RELAY_SOCKET: mcpSocketPath },
+                    });
+                    if (result.success) {
+                        if (debug)
+                            log.debug(`Auto-installed MCP config at ${projectMcpConfigPath}`);
+                    }
+                    else {
+                        log.warn(`Failed to auto-install MCP config: ${result.error}`);
+                    }
+                }
+                catch (err) {
+                    log.warn('Failed to auto-install MCP config', {
+                        error: err instanceof Error ? err.message : String(err),
+                    });
+                }
+            }
             // Check if MCP tools are available
             // Must verify BOTH conditions (matching inbox hook behavior from commit 18bab59):
-            // 1. .mcp.json config exists in project
+            // 1. MCP config exists (user or project scope)
             // 2. Relay daemon socket is accessible (daemon must be running)
             // Without both, MCP context would be shown but tools wouldn't work
-            const mcpConfigPath = path.join(this.projectRoot, '.mcp.json');
             // Use the actual socket path from config (project-local .agent-relay/relay.sock)
             // or fall back to environment variable
             const relaySocket = this.socketPath || process.env.RELAY_SOCKET || path.join(this.projectRoot, '.agent-relay', 'relay.sock');
             let hasMcp = false;
-            if (fs.existsSync(mcpConfigPath)) {
+            // Check either user-scope or project-scope MCP config
+            // hasMcpConfig was already computed above
+            if (hasMcpConfig) {
                 try {
                     hasMcp = fs.statSync(relaySocket).isSocket();
                 }
@@ -613,7 +695,7 @@ export class AgentSpawner {
                 }
             }
             if (debug && hasMcp)
-                log.debug(`MCP tools available for ${name} (found ${mcpConfigPath} and socket ${relaySocket})`);
+                log.debug(`MCP tools available for ${name} (MCP config found, socket ${relaySocket})`);
             // Inject relay protocol instructions via CLI-specific system prompt
             let relayInstructions = getRelayInstructions(name, { hasMcp, includeWorkflowConventions });
             // Compose role-specific prompts if agent has a role defined in .claude/agents/
@@ -655,7 +737,28 @@ export class AgentSpawner {
             // Note: Spawned agents CAN spawn sub-workers intentionally - the parser is strict enough
             // to avoid accidental spawns from documentation text (requires line start, PascalCase, known CLI)
             // Use request.cwd if specified, otherwise use projectRoot
-            const agentCwd = request.cwd || this.projectRoot;
+            // Validate cwd to prevent path traversal attacks
+            let agentCwd;
+            if (request.cwd && typeof request.cwd === 'string') {
+                // Resolve cwd relative to project root and ensure it stays within that root
+                const resolvedCwd = path.resolve(this.projectRoot, request.cwd);
+                const normalizedProjectRoot = path.resolve(this.projectRoot);
+                const projectRootWithSep = normalizedProjectRoot.endsWith(path.sep)
+                    ? normalizedProjectRoot
+                    : normalizedProjectRoot + path.sep;
+                // Ensure the resolved cwd is within the project root to prevent traversal
+                if (resolvedCwd !== normalizedProjectRoot && !resolvedCwd.startsWith(projectRootWithSep)) {
+                    return {
+                        success: false,
+                        name,
+                        error: `Invalid cwd: "${request.cwd}" must be within the project root`,
+                    };
+                }
+                agentCwd = resolvedCwd;
+            }
+            else {
+                agentCwd = this.projectRoot;
+            }
             // Log whether nested spawning will be enabled for this agent
             log.info(`Spawning ${name}: dashboardPort=${this.dashboardPort || 'none'} (${this.dashboardPort ? 'nested spawns enabled' : 'nested spawns disabled'})`);
             let userEnv;
@@ -765,6 +868,8 @@ export class AgentSpawner {
                     // Pass socket path for MCP server discovery
                     // This allows the MCP server (started by Claude Code) to connect to the daemon
                     ...(relaySocket ? { RELAY_SOCKET: relaySocket } : {}),
+                    // Pass agent name so MCP server knows its identity
+                    RELAY_AGENT_NAME: name,
                 },
                 streamLogs: true,
                 shadowOf: request.shadowOf,

package/packages/bridge/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agent-relay/bridge",
-  "version": "2.0.12",
+  "version": "2.0.14",
   "description": "Multi-project bridge client utilities for Relay",
   "type": "module",
   "main": "dist/index.js",
@@ -22,12 +22,13 @@
     "test:watch": "vitest"
   },
   "dependencies": {
-    "@agent-relay/protocol": "2.0.12",
-    "@agent-relay/config": "2.0.12",
-    "@agent-relay/utils": "2.0.12",
-    "@agent-relay/policy": "2.0.12",
-    "@agent-relay/user-directory": "2.0.12",
-    "@agent-relay/wrapper": "2.0.12"
+    "@agent-relay/protocol": "2.0.14",
+    "@agent-relay/config": "2.0.14",
+    "@agent-relay/utils": "2.0.14",
+    "@agent-relay/policy": "2.0.14",
+    "@agent-relay/user-directory": "2.0.14",
+    "@agent-relay/wrapper": "2.0.14",
+    "@agent-relay/mcp": "2.0.14"
   },
   "devDependencies": {
     "@types/node": "^22.19.3",

package/packages/cloud/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agent-relay/cloud",
-  "version": "2.0.12",
+  "version": "2.0.14",
   "description": "Cloud API server and services for Agent Relay",
   "type": "module",
   "main": "dist/index.js",
@@ -38,11 +38,11 @@
     "test:watch": "vitest"
   },
   "dependencies": {
-    "@agent-relay/wrapper": "2.0.12",
-    "@agent-relay/config": "2.0.12",
-    "@agent-relay/resiliency": "2.0.12",
-    "@agent-relay/storage": "2.0.12",
-    "@agent-relay/protocol": "2.0.12"
+    "@agent-relay/wrapper": "2.0.14",
+    "@agent-relay/config": "2.0.14",
+    "@agent-relay/resiliency": "2.0.14",
+    "@agent-relay/storage": "2.0.14",
+    "@agent-relay/protocol": "2.0.14"
   },
   "devDependencies": {
     "@types/node": "^22.19.3",

package/packages/config/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agent-relay/config",
-  "version": "2.0.12",
+  "version": "2.0.14",
   "description": "Shared configuration schemas and loaders for Agent Relay",
   "type": "module",
   "main": "dist/index.js",
@@ -83,7 +83,7 @@
     "test:watch": "vitest"
   },
   "dependencies": {
-    "@agent-relay/protocol": "2.0.12",
+    "@agent-relay/protocol": "2.0.14",
     "zod": "^3.23.8",
     "zod-to-json-schema": "^3.23.1"
   },

package/packages/continuity/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agent-relay/continuity",
-  "version": "2.0.12",
+  "version": "2.0.14",
   "description": "Session continuity manager for Relay (ledgers, handoffs, resume)",
   "type": "module",
   "main": "dist/index.js",

package/packages/daemon/dist/connection.js

@@ -222,7 +222,11 @@ export class Connection {
         }
     }
     handleSend(envelope) {
-        if (this._state !== 'ACTIVE') {
+        // Allow MCP-style messages (with envelope.from set) even when not in ACTIVE state.
+        // MCP tools use short-lived connections without HELLO handshake.
+        // The router will use envelope.from as the sender name for these messages.
+        const hasMcpSender = !!envelope.from && !!envelope.to;
+        if (this._state !== 'ACTIVE' && !hasMcpSender) {
             this.sendError('BAD_REQUEST', 'Not in ACTIVE state', false);
             return;
         }

package/packages/daemon/dist/relay-ledger.d.ts

@@ -86,6 +86,7 @@ export declare class RelayLedger {
     private stmtMarkArchived;
     private stmtGetPending;
     private stmtGetByPath;
+    private stmtIsActivePath;
     private stmtGetById;
     private stmtResetProcessing;
     private stmtCleanupArchived;
@@ -142,7 +143,8 @@ export declare class RelayLedger {
      */
     registerFile(sourcePath: string, agentName: string, messageType: string, fileSize: number, contentHash?: string, fileMtimeNs?: number, fileInode?: number, symlinkPath?: string): string;
     /**
-     * Check if a file is already registered
+     * Check if a file is actively being processed (pending or processing).
+     * Returns false for archived/delivered/failed files so new files at the same path can be registered.
      */
     isFileRegistered(sourcePath: string): boolean;
     /**

package/packages/daemon/dist/relay-ledger.js

@@ -39,6 +39,7 @@ export class RelayLedger {
     stmtMarkArchived;
     stmtGetPending;
     stmtGetByPath;
+    stmtIsActivePath;
     stmtGetById;
     stmtResetProcessing;
     stmtCleanupArchived;
@@ -139,6 +140,10 @@ export class RelayLedger {
     `);
         this.stmtGetByPath = this.db.prepare(`
       SELECT * FROM relay_files WHERE source_path = ?
+    `);
+        // Only check for pending/processing files (not archived/delivered/failed)
+        this.stmtIsActivePath = this.db.prepare(`
+      SELECT 1 FROM relay_files WHERE source_path = ? AND status IN ('pending', 'processing')
     `);
         this.stmtGetById = this.db.prepare(`
       SELECT * FROM relay_files WHERE file_id = ?
@@ -186,10 +191,11 @@ export class RelayLedger {
         return fileId;
     }
     /**
-     * Check if a file is already registered
+     * Check if a file is actively being processed (pending or processing).
+     * Returns false for archived/delivered/failed files so new files at the same path can be registered.
      */
     isFileRegistered(sourcePath) {
-        const row = this.stmtGetByPath.get(sourcePath);
+        const row = this.stmtIsActivePath.get(sourcePath);
         return row !== undefined;
     }
     /**

package/packages/daemon/dist/router.js

@@ -175,6 +175,19 @@ export class Router {
                         oldConnectionId: existing.id,
                         newConnectionId: connection.id,
                     });
+                    // Send fatal error before closing to prevent reconnection loop
+                    const errorEnvelope = {
+                        v: PROTOCOL_VERSION,
+                        type: 'ERROR',
+                        id: generateId(),
+                        ts: Date.now(),
+                        payload: {
+                            code: 'DUPLICATE_CONNECTION',
+                            message: `Another agent with name "${connection.agentName}" connected. This connection will be closed.`,
+                            fatal: true,
+                        },
+                    };
+                    existing.send(errorEnvelope);
                     existing.close();
                     this.connections.delete(existing.id);
                 }

package/packages/daemon/dist/server.d.ts

@@ -44,6 +44,8 @@ export declare class Daemon {
     private consensus?;
     private cloudSyncDebounceTimer?;
     private spawnManager?;
+    private shuttingDown;
+    private relayWatchdog?;
     /** Telemetry tracking */
     private startTime?;
     private agentSpawnCount;
@@ -86,6 +88,11 @@ export declare class Daemon {
      * Start the daemon.
      */
     start(): Promise<void>;
+    /**
+     * Initialize RelayWatchdog for MCP and file-based agents.
+     * Uses the ledger-based watchdog for durable file processing.
+     */
+    private initRelayWatchdog;
     /**
      * Initialize cloud sync service for cross-machine agent communication.
      */