bare-agent 0.7.0 → 0.9.0

package/package.json

@@ -1,14 +1,16 @@
 {
   "name": "bare-agent",
-  "version": "0.7.0",
+  "version": "0.9.0",
   "files": [
     "index.js",
     "src/",
     "bin/",
-    "tools/"
+    "tools/",
+    "LICENSE",
+    "NOTICE"
   ],
-  "description": "Lightweight, composable agent orchestration. ~1800 lines, 0 required deps.",
-  "license": "MIT",
+  "description": "Lightweight, composable agent orchestration for autonomous agents. Multi-agent primitives (spawn, defer, MCP meta-tools), single-gate governance via bareguard, cross-platform shell tools, MCP bridge. ~2.7K lines core, one required dep.",
+  "license": "Apache-2.0",
   "author": "hamr0",
   "repository": {
     "type": "git",
@@ -25,7 +27,7 @@
     "./transports": "./src/transports.js",
     "./tools": "./src/tools.js",
     "./mcp": "./src/mcp.js",
-    "./policy": "./src/policy.js"
+    "./bareguard": "./src/bareguard-adapter.js"
   },
   "engines": {
     "node": ">=18"
@@ -37,8 +39,13 @@
     "ai",
     "tool-calling",
     "planner",
-    "lightweight"
+    "lightweight",
+    "bareguard",
+    "governance"
   ],
+  "dependencies": {
+    "bareguard": "^0.2.0"
+  },
   "optionalDependencies": {
     "barebrowse": "^0.5.0",
     "baremobile": "^0.7.0",
@@ -53,6 +60,6 @@
     }
   },
   "scripts": {
-    "test": "node --test test/**/*.test.js"
+    "test": "node --test --test-force-exit test/**/*.test.js"
   }
 }

package/src/bareguard-adapter.js

@@ -0,0 +1,93 @@
+'use strict';
+
+/**
+ * Wire a bareguard Gate into bareagent's Loop.
+ *
+ * Returns:
+ *   - `policy`   — async (toolName, args, ctx) closure for `new Loop({ policy })`.
+ *                  Maps gate.check decisions to true (allow) or a deny string
+ *                  (used verbatim by Loop as the LLM-visible reason).
+ *   - `wrapTool` — wraps a single tool so its execute() also calls gate.record
+ *                  with the result + duration (or error). Bareguard owns the
+ *                  audit log and budget tracking; record() is what feeds them.
+ *   - `wrapTools` — convenience: applies wrapTool to an array.
+ *
+ * Halt-severity decisions (budget exhausted, limits.maxTurns hit, etc.) come
+ * back as deny strings tagged `[HALT: <rule>]`. Subsequent rounds halt the
+ * same way; the LLM typically gives up and the loop exits naturally. For
+ * earlier exit, watch the loop:error stream (the closure also calls onError
+ * via Loop's policy-deny path) or wire `onError` to detect halt strings.
+ *
+ * @param {object} gate - A bareguard Gate instance (must have .check and .record).
+ * @returns {{policy: Function, wrapTool: Function, wrapTools: Function}}
+ *
+ * @example
+ *   const { Gate } = require('bareguard');
+ *   const { Loop } = require('bare-agent');
+ *   const { wireGate } = require('bare-agent/bareguard');
+ *
+ *   const gate = new Gate({
+ *     budget: { maxCostUsd: 0.50 },
+ *     limits: { maxTurns: 20 },
+ *     audit:  { path: './audit.jsonl' },
+ *     humanChannel: async (ev) => ({ decision: 'deny' }),
+ *   });
+ *   await gate.init();
+ *
+ *   const { policy, wrapTools } = wireGate(gate);
+ *   const loop = new Loop({ provider, policy });
+ *   await loop.run(messages, wrapTools(myTools));
+ */
+function wireGate(gate) {
+  if (!gate || typeof gate.check !== 'function' || typeof gate.record !== 'function') {
+    throw new Error('[wireGate] expects a bareguard Gate instance (must have .check and .record).');
+  }
+
+  const policy = async (toolName, args, ctx) => {
+    const decision = await gate.check({ type: toolName, args, _ctx: ctx });
+    if (decision.outcome === 'allow') return true;
+    const tag = decision.severity === 'halt'
+      ? `[HALT: ${decision.rule}]`
+      : `[deny: ${decision.rule}]`;
+    return decision.reason ? `${tag} ${decision.reason}` : `${tag} ${toolName} denied`;
+  };
+
+  function wrapTool(tool) {
+    if (!tool || typeof tool.execute !== 'function') {
+      throw new Error('[wireGate.wrapTool] tool must have an execute() function');
+    }
+    const original = tool.execute;
+    return {
+      ...tool,
+      execute: async (args) => {
+        const action = { type: tool.name, args };
+        const startedAt = Date.now();
+        try {
+          const result = await original(args);
+          await gate.record(action, {
+            result: typeof result === 'string' ? result : JSON.stringify(result),
+            durationMs: Date.now() - startedAt,
+          });
+          return result;
+        } catch (err) {
+          await gate.record(action, {
+            error: err?.message || String(err),
+            durationMs: Date.now() - startedAt,
+          });
+          throw err;
+        }
+      },
+    };
+  }
+
+  function wrapTools(tools) {
+    if (!Array.isArray(tools)) {
+      throw new Error('[wireGate.wrapTools] expects an array of tools');
+    }
+    return tools.map(wrapTool);
+  }
+
+  return { policy, wrapTool, wrapTools };
+}
+
+module.exports = { wireGate };

package/src/errors.js

@@ -43,18 +43,6 @@ class CircuitOpenError extends BareAgentError {
   }
 }
 
-class MaxRoundsError extends BareAgentError {
-  constructor(message, opts = {}) {
-    super(message || 'Loop exceeded maximum rounds', { code: 'MAX_ROUNDS', retryable: false, ...opts });
-  }
-}
-
-class MaxCostError extends BareAgentError {
-  constructor(message, opts = {}) {
-    super(message || 'Loop exceeded maximum cost cap', { code: 'MAX_COST', retryable: false, ...opts });
-  }
-}
-
 module.exports = {
   BareAgentError,
   ProviderError,
@@ -62,6 +50,4 @@ module.exports = {
   TimeoutError,
   ValidationError,
   CircuitOpenError,
-  MaxRoundsError,
-  MaxCostError,
 };

package/src/loop.js

@@ -1,7 +1,6 @@
 'use strict';
 
-const fs = require('node:fs');
-const { ToolError, MaxRoundsError, MaxCostError } = require('./errors');
+const { ToolError } = require('./errors');
 
 // Average pricing per 1K tokens (USD). Adjust these to match your provider's rates.
 // Last updated: 2026-03-18. Source: public provider pricing pages.
@@ -21,6 +20,11 @@ const COST_PER_1K = {
   '_default': { in: 0.002, out: 0.008 },
 };
 
+// Internal safety net only — real iteration bounds come from a wired bareguard
+// Gate via `limits.maxTurns`. If you hit this without bareguard wired, you have
+// no governance and the LLM loop is unbounded by design — wire bareguard.
+const HARD_ROUND_LIMIT = 100;
+
 function estimateCost(model, usage) {
   if (!usage || !model) return null;
   const rates = COST_PER_1K[model] || COST_PER_1K['_default'];
@@ -34,20 +38,17 @@ class Loop {
   /**
    * @param {object} options
    * @param {object} options.provider - LLM provider (must implement generate()).
-   * @param {number} [options.maxRounds=5] - Maximum think/act/observe cycles.
    * @param {string} [options.system] - System prompt prepended to messages.
    * @param {object} [options.checkpoint] - Checkpoint instance for human-in-the-loop.
    * @param {object} [options.retry] - Retry instance for backoff on failures.
    * @param {object} [options.stream] - Stream instance for event emission.
    * @param {object} [options.store] - Store instance for validate() health check.
-   * @param {Function} [options.policy] - Async (toolName, args) => true|false|string. Deny returns the string (or a generic message) to the LLM as tool result.
-   * @param {string} [options.audit] - File path for JSONL audit log. Each tool call appends one line: {ts, tool, args, decision, result|reason|error, durationMs}.
+   * @param {Function} [options.policy] - Async (toolName, args, ctx) => true | string. Recommended wiring: closure that delegates to a bareguard Gate (`require('bare-agent/bareguard').wireGate(gate).policy`). Anything other than `true` denies; a string is fed to the LLM verbatim as the deny reason. All policy/budget/audit decisions live in bareguard — Loop just calls the closure and respects the verdict.
    * @throws {Error} `[Loop] requires a provider` — when options.provider is missing.
    */
   constructor(options = {}) {
     if (!options.provider) throw new Error('[Loop] requires a provider');
     this.provider = options.provider;
-    this.maxRounds = options.maxRounds || 5;
     this.system = options.system || null;
     this.checkpoint = options.checkpoint || null;
     this.retry = options.retry || null;
@@ -58,19 +59,16 @@ class Loop {
     this.throwOnError = options.throwOnError !== undefined ? options.throwOnError : true;
     this.store = options.store || null;
     if (options.policy != null && typeof options.policy !== 'function') {
-      throw new Error('[Loop] options.policy must be a function (toolName, args) => true | false | string');
+      throw new Error('[Loop] options.policy must be a function (toolName, args, ctx) => true | string');
     }
     this.policy = options.policy || null;
-    this.audit = options.audit || null;
-    this.maxCost = typeof options.maxCost === 'number' && options.maxCost > 0 ? options.maxCost : null;
     this._stopped = false;
     this._history = []; // for chat() stateful mode
-    this._auditInFlight = new Set();
   }
 
   // Unified error emitter — every silent-ish failure path routes through here so
-  // operators see audit writes, callback throws, checkpoint timeouts, stream listener
-  // errors in one place: loop:error stream event + onError callback.
+  // operators see callback throws, checkpoint timeouts, stream listener errors
+  // in one place: loop:error stream event + onError callback.
   _reportError(source, err, extra = {}) {
     const message = err?.message || String(err);
     this._safeEmit({ type: 'loop:error', data: { source, error: message, ...extra } });
@@ -106,35 +104,11 @@ class Loop {
     }
   }
 
-  // Append one JSONL record. Returns nothing (fire-and-forget for callers)
-  // but tracks the in-flight promise so `flush()` and the end of `run()` can await it.
-  _writeAudit(record) {
-    if (!this.audit) return;
-    let line;
-    try {
-      line = JSON.stringify(record) + '\n';
-    } catch (err) {
-      this._reportError('audit:serialize', err, { tool: record?.tool });
-      return;
-    }
-    const p = fs.promises.appendFile(this.audit, line)
-      .catch(err => this._reportError('audit:write', err, { tool: record?.tool }))
-      .finally(() => this._auditInFlight.delete(p));
-    this._auditInFlight.add(p);
-  }
-
-  // Await any in-flight audit writes. Safe to call multiple times; resolves immediately
-  // when no writes are pending. Called automatically at the end of each `run()`.
-  async flush() {
-    if (this._auditInFlight.size === 0) return;
-    await Promise.all([...this._auditInFlight]);
-  }
-
   /**
    * Run the think/act/observe loop.
    * @param {Array<object>} messages - Conversation messages in OpenAI format.
    * @param {Array<object>} [tools=[]] - Tool definitions with name, execute, description, parameters.
-   * @param {object} [options={}] - Per-run overrides (system, temperature, etc.).
+   * @param {object} [options={}] - Per-run overrides (system, temperature, ctx, etc.).
    * @returns {Promise<{text: string, toolCalls: Array, usage: object, error: string|null}>}
    * @throws {Error} `[Loop] Tool is missing a name` — when a tool has no name or a non-string name.
    * @throws {Error} `[Loop] Tool "X" is missing an execute() function` — when execute is not a function.
@@ -170,7 +144,7 @@ class Loop {
     let lastUsage = { inputTokens: 0, outputTokens: 0 };
     let totalCost = 0;
 
-    for (let round = 0; round < this.maxRounds; round++) {
+    for (let round = 0; round < HARD_ROUND_LIMIT; round++) {
       if (this._stopped) break;
 
       let result;
@@ -179,7 +153,6 @@ class Loop {
         result = this.retry ? await this.retry.call(generate) : await generate();
       } catch (err) {
         this._reportError('provider', err, { round });
-        await this.flush();
         if (this.throwOnError) throw err;
         return { text: '', toolCalls: [], usage: lastUsage, cost: totalCost, error: err.message };
       }
@@ -189,21 +162,10 @@ class Loop {
       const roundCost = estimateCost(model, lastUsage);
       if (roundCost !== null) totalCost += roundCost;
 
-      // Cost cap — fail fast before the next round costs more money.
-      if (this.maxCost !== null && totalCost > this.maxCost) {
-        const msg = `[Loop] cost ${totalCost.toFixed(4)} exceeded cap ${this.maxCost.toFixed(4)} after round ${round + 1}`;
-        const err = new MaxCostError(msg, { context: { cost: totalCost, maxCost: this.maxCost, round } });
-        this._reportError('cost-cap', err, { cost: totalCost, maxCost: this.maxCost });
-        await this.flush();
-        if (this.throwOnError) throw err;
-        return { text: '', toolCalls: [], usage: lastUsage, cost: totalCost, error: msg };
-      }
-
       // No tool calls — LLM gave a final text response
       if (!result.toolCalls || result.toolCalls.length === 0) {
         this._safeEmit({ type: 'loop:text', data: { text: result.text } });
         this._safeCall('onText', this.onText, result.text);
-        await this.flush();
         this._safeEmit({ type: 'loop:done', data: { text: result.text, usage: lastUsage, cost: totalCost } });
         return { text: result.text, toolCalls: [], usage: lastUsage, cost: totalCost, error: null };
       }
@@ -260,6 +222,8 @@ class Loop {
         // anything else (false, string, undefined, object, throw) denies. A string verdict
         // is used verbatim as the deny reason. `ctx` (opaque blob passed via
         // loop.run(msgs, tools, { ctx })) is forwarded as the third arg for per-caller gating.
+        // Recommended wiring: bareguard's Gate via `wireGate(gate).policy` — bareguard
+        // owns budget, audit, and halt decisions; Loop just respects the verdict.
         if (this.policy) {
           let verdict;
           try {
@@ -273,54 +237,29 @@ class Loop {
               : `[Loop] Tool "${tc.name}" denied by policy`;
             msgs.push({ role: 'tool', tool_call_id: tc.id, content: reason });
             this._safeEmit({ type: 'loop:tool_result', data: { tool: tc.name, denied: true, reason } });
-            this._writeAudit({
-              ts: new Date().toISOString(),
-              tool: tc.name,
-              args: tc.arguments,
-              decision: 'deny',
-              reason,
-            });
             continue;
           }
         }
 
-        const startedAt = Date.now();
         try {
           const execute = () => tool.execute(tc.arguments);
           const toolResult = this.retry ? await this.retry.call(execute) : await execute();
           const content = typeof toolResult === 'string' ? toolResult : JSON.stringify(toolResult);
           msgs.push({ role: 'tool', tool_call_id: tc.id, content });
           this._safeEmit({ type: 'loop:tool_result', data: { tool: tc.name, result: content } });
-          this._writeAudit({
-            ts: new Date().toISOString(),
-            tool: tc.name,
-            args: tc.arguments,
-            decision: 'allow',
-            result: content,
-            durationMs: Date.now() - startedAt,
-          });
         } catch (err) {
           const toolErr = err instanceof ToolError ? err : new ToolError(err.message, { context: { tool: tc.name } });
           const errMsg = `[Loop] Tool error: ${toolErr.message}`;
           msgs.push({ role: 'tool', tool_call_id: tc.id, content: errMsg });
           this._safeEmit({ type: 'loop:tool_result', data: { tool: tc.name, error: errMsg } });
-          this._writeAudit({
-            ts: new Date().toISOString(),
-            tool: tc.name,
-            args: tc.arguments,
-            decision: 'allow',
-            error: toolErr.message,
-            durationMs: Date.now() - startedAt,
-          });
         }
       }
     }
 
-    // maxRounds exceeded
-    const warning = `[Loop] ended after ${this.maxRounds} rounds without final response`;
-    await this.flush();
+    // Hard safety limit — should never fire under normal usage; bareguard's
+    // limits.maxTurns (or the LLM's natural completion) ends the loop first.
+    const warning = `[Loop] hit internal safety limit of ${HARD_ROUND_LIMIT} rounds. Wire bareguard for proper governance — see bare-agent/bareguard.`;
     this._safeEmit({ type: 'loop:done', data: { text: '', warning, cost: totalCost } });
-    if (this.throwOnError) throw new MaxRoundsError(warning);
     return { text: '', toolCalls: [], usage: lastUsage, cost: totalCost, error: warning };
   }
 

package/src/mcp-bridge.js

@@ -219,29 +219,30 @@ function wrapTools(serverName, mcpTools, rpc) {
 async function killServer(child) {
   if (child.exitCode !== null) return;
 
-  child.stdin?.destroy();
+  // end() sends FIN so the child sees stdin EOF and can exit cleanly;
+  // destroy() alone does not always propagate.
+  try { child.stdin?.end(); } catch { /* already closed */ }
   child.stdout?.destroy();
   child.stderr?.destroy();
 
-  await new Promise(resolve => {
-    const onClose = () => resolve();
+  // Short grace, then SIGTERM, then SIGKILL. Each wait clears its timer
+  // promptly when the child closes so we don't block the event loop after
+  // exit (which kept node:test's file-level wrapper hanging).
+  const waitClose = (ms) => new Promise(resolve => {
+    let timer;
+    const onClose = () => { clearTimeout(timer); resolve(); };
     child.once('close', onClose);
-    setTimeout(() => {
+    timer = setTimeout(() => {
       child.removeListener('close', onClose);
       resolve();
-    }, 700);
+    }, ms);
   });
 
+  await waitClose(150);
+
   if (child.exitCode === null) {
     child.kill('SIGTERM');
-    await new Promise(resolve => {
-      const onClose = () => resolve();
-      child.once('close', onClose);
-      setTimeout(() => {
-        child.removeListener('close', onClose);
-        resolve();
-      }, 700);
-    });
+    await waitClose(300);
   }
 
   if (child.exitCode === null) {
@@ -262,11 +263,12 @@ async function connectAndListTools(name, def, timeout = 15000) {
     clientInfo: { name: 'bare-agent', version: '0.5.0' },
   });
 
-  const timer = new Promise((_, reject) =>
-    setTimeout(() => reject(new ToolError(`MCP server "${name}" init timed out after ${timeout}ms`)), timeout)
-  );
+  let timerId;
+  const timer = new Promise((_, reject) => {
+    timerId = setTimeout(() => reject(new ToolError(`MCP server "${name}" init timed out after ${timeout}ms`)), timeout);
+  });
 
-  await Promise.race([init, timer]);
+  try { await Promise.race([init, timer]); } finally { clearTimeout(timerId); }
   client.notify('notifications/initialized');
 
   const { tools: mcpTools } = await client.rpc('tools/list');
@@ -308,6 +310,103 @@ function buildSystemContext(servers, tools, denied) {
   return lines.join('\n');
 }
 
+// --- Meta-tools: mcp_discover + mcp_invoke (v0.9) ---
+
+/**
+ * Build the LLM-callable meta-tool surface from a fully-connected bridge.
+ * Shares the underlying tool array and RPC clients with the bulk surface —
+ * one set of connections, one factory, two output forms. The user picks
+ * `bridge.tools` (bulk) for small catalogs the LLM should see upfront, or
+ * `bridge.metaTools` for large catalogs the LLM should discover on demand.
+ *
+ * Gov shape: when the LLM calls mcp_invoke, the action sent to gate.check
+ * is `{ type: 'mcp_invoke', args: { name, args }, _ctx }` — bareguard sees
+ * `mcp_invoke` as the type. To deny specific MCP tools, use bareguard's
+ * `tools.denyArgPatterns: { mcp_invoke: [/"name":"linear_admin_.*"/] }`
+ * or `content.denyPatterns` over the JSON-serialized form. The inner MCP
+ * tool name doesn't travel as `action.type` — that's a deliberate v0.9
+ * trade for one consistent gate-check call per LLM tool invocation.
+ *
+ * @param {Array} tools - The bulk-loaded, name-prefixed tools array.
+ * @param {string} discoveredAt - ISO timestamp from .mcp-bridge.json.
+ * @returns {Array} [mcp_discover, mcp_invoke]
+ */
+function buildMetaTools(tools, discoveredAt) {
+  // Catalog descriptors: same info the LLM would see for bulk-loaded tools,
+  // but exposed via mcp_discover instead of taking up tool-array slots upfront.
+  const catalog = tools.map(t => {
+    const sep = t.name.indexOf('_');
+    return {
+      name: t.name,
+      description: t.description || '',
+      schema: t.parameters || { type: 'object', properties: {} },
+      server: sep > 0 ? t.name.slice(0, sep) : t.name,
+      tool: sep > 0 ? t.name.slice(sep + 1) : '',
+    };
+  });
+  const byName = new Map(tools.map(t => [t.name, t]));
+
+  const mcpDiscover = {
+    name: 'mcp_discover',
+    description:
+      'List MCP tools currently available across all configured servers. Returns descriptors with name, description, schema, server, and tool. Pass refresh:true to force a fresh discovery (otherwise the catalog is the one loaded at agent startup). Discovery itself is ungated — read-only catalog access. Gov decisions still happen at invoke time via mcp_invoke.',
+    parameters: {
+      type: 'object',
+      properties: {
+        refresh: {
+          type: 'boolean',
+          description: 'Currently a no-op flag in v0.9 — the catalog is loaded once at bridge construction. Set true to signal intent; behavior may change in a later version.',
+        },
+        server: {
+          type: 'string',
+          description: 'Optional: filter the catalog to one server name.',
+        },
+      },
+    },
+    execute: async ({ server } = {}) => {
+      const filtered = server
+        ? catalog.filter(t => t.server === server)
+        : catalog;
+      return {
+        tools: filtered,
+        cachedAt: discoveredAt || new Date().toISOString(),
+        count: filtered.length,
+      };
+    },
+  };
+
+  const mcpInvoke = {
+    name: 'mcp_invoke',
+    description:
+      'Invoke an MCP tool by its canonical bareagent name (the `name` field returned by mcp_discover, e.g. "linear_list_issues"). Args are passed through to the underlying MCP server. Returns the tool result. Bareguard governs every invocation — denies fed back as deny strings, halts as [HALT] strings.',
+    parameters: {
+      type: 'object',
+      properties: {
+        name: {
+          type: 'string',
+          description: 'Canonical MCP tool name (from mcp_discover). Format: <server>_<tool>.',
+        },
+        args: {
+          type: 'object',
+          description: 'Arguments for the MCP tool, matching its schema (also from mcp_discover).',
+        },
+      },
+      required: ['name'],
+    },
+    execute: async ({ name, args }) => {
+      const tool = byName.get(name);
+      if (!tool) {
+        throw new ToolError(`mcp_invoke: unknown tool "${name}". Call mcp_discover for the current catalog.`, {
+          context: { name, knownNames: [...byName.keys()] },
+        });
+      }
+      return await tool.execute(args || {});
+    },
+  };
+
+  return [mcpDiscover, mcpInvoke];
+}
+
 // --- Main entry point ---
 
 /**
@@ -316,13 +415,22 @@ function buildSystemContext(servers, tools, denied) {
  * On subsequent runs, reads .mcp-bridge.json and respects allow/deny per tool.
  * Re-discovers when TTL expires (default: 24h).
  *
+ * Returns BOTH surfaces (v0.9+):
+ *   - `tools`     — bulk-loaded array of name-prefixed tools (small catalogs;
+ *                   LLM sees them upfront).
+ *   - `metaTools` — [mcp_discover, mcp_invoke] LLM-callable pair (large catalogs;
+ *                   LLM picks tools dynamically). Shares the same RPC connections.
+ *
+ * Wire one or the other into Loop's tool array; never both (the LLM would see
+ * the same MCP tool twice). Pick by catalog size and token budget.
+ *
  * @param {object} [opts]
  * @param {string} [opts.bridgePath] - Path to .mcp-bridge.json. Default: .mcp-bridge.json in cwd.
  * @param {string[]} [opts.configPaths] - IDE config paths for discovery.
  * @param {string[]} [opts.servers] - Limit to these server names.
  * @param {number} [opts.timeout=15000] - Per-server init timeout in ms.
  * @param {boolean} [opts.refresh=false] - Force re-discovery regardless of TTL.
- * @returns {Promise<{tools: Array, servers: string[], systemContext: string, denied: Array, close: Function}>}
+ * @returns {Promise<{tools: Array, metaTools: Array, servers: string[], systemContext: string, denied: Array, close: Function}>}
  */
 async function createMCPBridge(opts = {}) {
   if ('policy' in opts) {
@@ -435,8 +543,11 @@ async function createMCPBridge(opts = {}) {
   const systemContext = buildSystemContext(connected, tools, denied);
   if (connected.length > 0) console.log(systemContext);
 
+  const metaTools = buildMetaTools(tools, config?.discovered);
+
   return {
     tools,
+    metaTools,
     servers: connected,
     denied,
     systemContext,
@@ -447,4 +558,4 @@ async function createMCPBridge(opts = {}) {
   };
 }
 
-module.exports = { createMCPBridge, discoverServers };
+module.exports = { createMCPBridge, discoverServers, buildMetaTools };

package/src/mcp.js

@@ -1,5 +1,5 @@
 'use strict';
 
-const { createMCPBridge, discoverServers } = require('./mcp-bridge');
+const { createMCPBridge, discoverServers, buildMetaTools } = require('./mcp-bridge');
 
-module.exports = { createMCPBridge, discoverServers };
+module.exports = { createMCPBridge, discoverServers, buildMetaTools };

package/src/retry.js

@@ -35,15 +35,23 @@ class Retry {
     const timeout = options.timeout || this.timeout;
 
     for (let attempt = 1; attempt <= max; attempt++) {
+      let timeoutId;
       try {
         const result = await (timeout
-          ? Promise.race([fn(), new Promise((_, rej) => setTimeout(() => rej(new TimeoutError('[Retry] Timeout')), timeout))])
+          ? Promise.race([
+              fn(),
+              new Promise((_, rej) => {
+                timeoutId = setTimeout(() => rej(new TimeoutError('[Retry] Timeout')), timeout);
+              }),
+            ])
           : fn());
         return result;
       } catch (err) {
         if (attempt === max || !retryOn(err)) throw err;
         const delay = this._delay(attempt);
         await new Promise(r => setTimeout(r, delay));
+      } finally {
+        if (timeoutId) clearTimeout(timeoutId);
       }
     }
   }

package/src/tools.js

@@ -3,5 +3,15 @@
 const { createBrowsingTools } = require('../tools/browse');
 const { createMobileTools } = require('../tools/mobile');
 const { createShellTools } = require('../tools/shell');
+const { createSpawnTool, spawnChild } = require('../tools/spawn');
+const { createDeferTool, readQueue: readDeferQueue } = require('../tools/defer');
 
-module.exports = { createBrowsingTools, createMobileTools, createShellTools };
+module.exports = {
+  createBrowsingTools,
+  createMobileTools,
+  createShellTools,
+  createSpawnTool,
+  spawnChild,
+  createDeferTool,
+  readDeferQueue,
+};