morpheus-cli 0.7.5 → 0.7.7

package/README.md

@@ -240,6 +240,10 @@ Discord bot responds to **DMs only** from authorized user IDs (`allowedUsers`).
 | `/status` | Check Morpheus status |
 | `/stats` | Token usage statistics |
 | `/newsession` | Start a new session |
+| `/mcps` | List MCP servers with tool counts |
+| `/mcpreload` | Reload MCP connections and tools |
+| `/mcp_enable name:` | Enable an MCP server |
+| `/mcp_disable name:` | Disable an MCP server |
 | `/chronos prompt: time:` | Schedule a job |
 | `/chronos_list` | List all scheduled jobs |
 | `/chronos_view id:` | View job + executions |

package/dist/channels/discord.js

@@ -74,6 +74,24 @@ const SLASH_COMMANDS = [
         .setDescription('Disable a skill')
         .addStringOption(opt => opt.setName('name').setDescription('Skill name').setRequired(true))
         .setDMPermission(true),
+    new SlashCommandBuilder()
+        .setName('mcps')
+        .setDescription('List MCP servers and their status')
+        .setDMPermission(true),
+    new SlashCommandBuilder()
+        .setName('mcpreload')
+        .setDescription('Reload MCP tools from servers')
+        .setDMPermission(true),
+    new SlashCommandBuilder()
+        .setName('mcp_enable')
+        .setDescription('Enable an MCP server')
+        .addStringOption(opt => opt.setName('name').setDescription('MCP server name').setRequired(true))
+        .setDMPermission(true),
+    new SlashCommandBuilder()
+        .setName('mcp_disable')
+        .setDescription('Disable an MCP server')
+        .addStringOption(opt => opt.setName('name').setDescription('MCP server name').setRequired(true))
+        .setDMPermission(true),
 ].map(cmd => cmd.toJSON());
 // ─── Adapter ──────────────────────────────────────────────────────────────────
 export class DiscordAdapter {
@@ -367,6 +385,18 @@ export class DiscordAdapter {
             case 'skill_disable':
                 await this.cmdSkillDisable(interaction);
                 break;
+            case 'mcps':
+                await this.cmdMcps(interaction);
+                break;
+            case 'mcpreload':
+                await this.cmdMcpReload(interaction);
+                break;
+            case 'mcp_enable':
+                await this.cmdMcpEnable(interaction);
+                break;
+            case 'mcp_disable':
+                await this.cmdMcpDisable(interaction);
+                break;
         }
     }
     async cmdHelp(interaction) {
@@ -392,7 +422,13 @@ export class DiscordAdapter {
             '`/skill_enable name:` — Enable a skill',
             '`/skill_disable name:` — Disable a skill',
             '',
-            'You can also send text or voice messages to chat with the Oracle.',
+            '**MCP Servers**',
+            '`/mcps` — List MCP servers and status',
+            '`/mcpreload` — Reload MCP tools from servers',
+            '`/mcp_enable name:` — Enable an MCP server',
+            '`/mcp_disable name:` — Disable an MCP server',
+            '',
+            'You can also send text or voice messages to chat with the Oracle.'
         ].join('\n');
         await interaction.reply({ content });
     }
@@ -657,6 +693,80 @@ export class DiscordAdapter {
             await interaction.reply({ content: `Error: ${err.message}` });
         }
     }
+    // ─── MCP Commands ─────────────────────────────────────────────────────────
+    async cmdMcps(interaction) {
+        try {
+            const { MCPManager } = await import('../config/mcp-manager.js');
+            const { Construtor } = await import('../runtime/tools/factory.js');
+            const [servers, stats] = await Promise.all([
+                MCPManager.listServers(),
+                Promise.resolve(Construtor.getStats()),
+            ]);
+            if (!servers.length) {
+                await interaction.reply({ content: 'No MCP servers configured.' });
+                return;
+            }
+            const statsMap = new Map(stats.servers.map(s => [s.name, s]));
+            const lines = servers.map(s => {
+                const status = s.enabled ? '🟢' : '🔴';
+                const serverStats = statsMap.get(s.name);
+                const toolCount = serverStats?.ok ? `(${serverStats.toolCount} tools)` :
+                    serverStats?.error ? '(failed)' : '(not loaded)';
+                const transport = s.config.transport.toUpperCase();
+                return `${status} **${s.name}** ${toolCount}\n    _${transport}_`;
+            });
+            const enabled = servers.filter(s => s.enabled).length;
+            const totalTools = stats.totalTools;
+            await interaction.reply({
+                content: `**MCP Servers** (${enabled}/${servers.length} enabled, ${totalTools} tools cached)\n\n${lines.join('\n')}`
+            });
+        }
+        catch (err) {
+            await interaction.reply({ content: `Error: ${err.message}` });
+        }
+    }
+    async cmdMcpReload(interaction) {
+        await interaction.deferReply();
+        try {
+            await this.oracle.reloadTools();
+            const { Construtor } = await import('../runtime/tools/factory.js');
+            const stats = Construtor.getStats();
+            await interaction.editReply({
+                content: `✅ MCP tools reloaded: ${stats.totalTools} tools from ${stats.servers.length} servers.`
+            });
+            this.display.log(`MCP reload triggered by Discord user`, { source: 'Discord', level: 'info' });
+        }
+        catch (err) {
+            await interaction.editReply({ content: `❌ Failed to reload MCP tools: ${err.message}` });
+            this.display.log(`MCP reload failed: ${err.message}`, { source: 'Discord', level: 'error' });
+        }
+    }
+    async cmdMcpEnable(interaction) {
+        const name = interaction.options.getString('name', true);
+        try {
+            const { MCPManager } = await import('../config/mcp-manager.js');
+            await MCPManager.setServerEnabled(name, true);
+            await interaction.reply({
+                content: `MCP server \`${name}\` enabled. Use \`/mcpreload\` to apply changes.`
+            });
+        }
+        catch (err) {
+            await interaction.reply({ content: `Error: ${err.message}` });
+        }
+    }
+    async cmdMcpDisable(interaction) {
+        const name = interaction.options.getString('name', true);
+        try {
+            const { MCPManager } = await import('../config/mcp-manager.js');
+            await MCPManager.setServerEnabled(name, false);
+            await interaction.reply({
+                content: `MCP server \`${name}\` disabled. Use \`/mcpreload\` to apply changes.`
+            });
+        }
+        catch (err) {
+            await interaction.reply({ content: `Error: ${err.message}` });
+        }
+    }
     // ─── Helpers ──────────────────────────────────────────────────────────────
     isAuthorized(userId) {
         return this.allowedUsers.includes(userId);

package/dist/channels/telegram.js

@@ -1591,7 +1591,8 @@ How can I assist you today?`;
         try {
             await ctx.reply('🔄 Reloading MCP servers...');
             await this.oracle.reloadTools();
-            await ctx.reply('✅ MCP servers reloaded successfully.');
+            const stats = Construtor.getStats();
+            await ctx.reply(`✅ MCP tools reloaded: ${stats.totalTools} tools from ${stats.servers.length} servers.`);
             this.display.log(`MCP reload triggered by @${user}`, { source: 'Telegram', level: 'info' });
         }
         catch (error) {

package/dist/cli/commands/start.js

@@ -12,6 +12,7 @@ import { TelegramAdapter } from '../../channels/telegram.js';
 import { DiscordAdapter } from '../../channels/discord.js';
 import { ChannelRegistry } from '../../channels/registry.js';
 import { WebhookDispatcher } from '../../runtime/webhooks/dispatcher.js';
+import { registerOracleForHotReload } from '../../runtime/hot-reload.js';
 import { PATHS } from '../../config/paths.js';
 import { Oracle } from '../../runtime/oracle.js';
 import { ProviderError } from '../../runtime/errors.js';
@@ -23,6 +24,7 @@ import { TaskNotifier } from '../../runtime/tasks/notifier.js';
 import { ChronosWorker } from '../../runtime/chronos/worker.js';
 import { ChronosRepository } from '../../runtime/chronos/repository.js';
 import { SkillRegistry } from '../../runtime/skills/index.js';
+import { MCPToolCache } from '../../runtime/tools/cache.js';
 // Load .env file explicitly in start command
 const envPath = path.join(process.cwd(), '.env');
 if (fs.existsSync(envPath)) {
@@ -138,6 +140,24 @@ export const startCommand = new Command('start')
         catch (err) {
             display.log(chalk.yellow(`Skills initialization warning: ${err.message}`), { source: 'Skills' });
         }
+        // Initialize MCP Tool Cache before Oracle (so agents get cached tools)
+        try {
+            display.startSpinner('Loading MCP tools...');
+            const mcpCache = MCPToolCache.getInstance();
+            await mcpCache.load();
+            const stats = mcpCache.getStats();
+            display.stopSpinner();
+            if (stats.totalTools > 0) {
+                display.log(chalk.green(`✓ MCP tools cached: ${stats.totalTools} tools from ${stats.servers.length} servers`), { source: 'MCP' });
+            }
+            else if (stats.servers.length > 0) {
+                display.log(chalk.yellow(`⚠ MCP servers configured but no tools loaded`), { source: 'MCP' });
+            }
+        }
+        catch (err) {
+            display.stopSpinner();
+            display.log(chalk.yellow(`MCP cache warning: ${err.message}`), { source: 'MCP' });
+        }
         // Initialize Oracle
         const oracle = new Oracle(config);
         try {
@@ -145,6 +165,8 @@ export const startCommand = new Command('start')
             await oracle.initialize();
             display.stopSpinner();
             display.log(chalk.green('✓ Oracle initialized'), { source: 'Oracle' });
+            // Register Oracle for hot-reload
+            registerOracleForHotReload(oracle);
         }
         catch (err) {
             display.stopSpinner();

package/dist/config/manager.js

@@ -287,6 +287,22 @@ export class ConfigManager {
                 max_active_jobs: resolveNumeric('MORPHEUS_CHRONOS_MAX_ACTIVE_JOBS', config.chronos.max_active_jobs, 100),
             };
         }
+        // Apply precedence to DevKit config
+        // Migration: if devkit is absent but apoc.working_dir exists, migrate it
+        const rawDevKit = config.devkit ?? {};
+        const migratedSandboxDir = rawDevKit.sandbox_dir || config.apoc?.working_dir || undefined;
+        const devkitConfig = {
+            sandbox_dir: resolveString('MORPHEUS_DEVKIT_SANDBOX_DIR', migratedSandboxDir, process.cwd()),
+            readonly_mode: resolveBoolean('MORPHEUS_DEVKIT_READONLY_MODE', rawDevKit.readonly_mode, false),
+            allowed_shell_commands: process.env.MORPHEUS_DEVKIT_ALLOWED_SHELL_COMMANDS
+                ? process.env.MORPHEUS_DEVKIT_ALLOWED_SHELL_COMMANDS.split(',').map(s => s.trim()).filter(Boolean)
+                : (rawDevKit.allowed_shell_commands ?? []),
+            enable_filesystem: resolveBoolean('MORPHEUS_DEVKIT_ENABLE_FILESYSTEM', rawDevKit.enable_filesystem, true),
+            enable_shell: resolveBoolean('MORPHEUS_DEVKIT_ENABLE_SHELL', rawDevKit.enable_shell, true),
+            enable_git: resolveBoolean('MORPHEUS_DEVKIT_ENABLE_GIT', rawDevKit.enable_git, true),
+            enable_network: resolveBoolean('MORPHEUS_DEVKIT_ENABLE_NETWORK', rawDevKit.enable_network, true),
+            timeout_ms: resolveNumeric('MORPHEUS_DEVKIT_TIMEOUT_MS', rawDevKit.timeout_ms, 30_000),
+        };
         return {
             agent: agentConfig,
             llm: llmConfig,
@@ -300,6 +316,7 @@ export class ConfigManager {
             logging: loggingConfig,
             memory: memoryConfig,
             chronos: chronosConfig,
+            devkit: devkitConfig,
             verbose_mode: resolveBoolean('MORPHEUS_VERBOSE_MODE', config.verbose_mode, true),
         };
     }
@@ -384,6 +401,22 @@ export class ConfigManager {
         }
         return defaults;
     }
+    getDevKitConfig() {
+        const defaults = {
+            sandbox_dir: process.cwd(),
+            readonly_mode: false,
+            allowed_shell_commands: [],
+            enable_filesystem: true,
+            enable_shell: true,
+            enable_git: true,
+            enable_network: true,
+            timeout_ms: 30_000,
+        };
+        if (this.config.devkit) {
+            return { ...defaults, ...this.config.devkit };
+        }
+        return defaults;
+    }
     /**
      * Returns encryption status for all agent API keys.
      */

package/dist/config/schemas.js

@@ -44,6 +44,16 @@ export const ChronosConfigSchema = z.object({
     check_interval_ms: z.number().min(60000).default(60000),
     max_active_jobs: z.number().min(1).max(1000).default(100),
 });
+export const DevKitConfigSchema = z.object({
+    sandbox_dir: z.string().optional(),
+    readonly_mode: z.boolean().default(false),
+    allowed_shell_commands: z.array(z.string()).default([]),
+    enable_filesystem: z.boolean().default(true),
+    enable_shell: z.boolean().default(true),
+    enable_git: z.boolean().default(true),
+    enable_network: z.boolean().default(true),
+    timeout_ms: z.number().int().positive().default(30000),
+});
 // Zod Schema matching MorpheusConfig interface
 export const ConfigSchema = z.object({
     agent: z.object({
@@ -67,6 +77,7 @@ export const ConfigSchema = z.object({
         }).default(DEFAULT_CONFIG.runtime?.async_tasks ?? { enabled: true }),
     }).optional(),
     chronos: ChronosConfigSchema.optional(),
+    devkit: DevKitConfigSchema.optional(),
     verbose_mode: z.boolean().default(true),
     channels: z.object({
         telegram: z.object({

package/dist/devkit/registry.js

@@ -1,12 +1,27 @@
 const factories = [];
-export function registerToolFactory(factory) {
-    factories.push(factory);
+export function registerToolFactory(factory, category = 'system') {
+    factories.push({ category, factory });
 }
+/** Categories that can be toggled off via DevKit config */
+const TOGGLEABLE_CATEGORIES = {
+    filesystem: 'enable_filesystem',
+    shell: 'enable_shell',
+    git: 'enable_git',
+    network: 'enable_network',
+};
 /**
  * Builds the full DevKit tool set for a given context.
  * Each factory receives the context (working_dir, allowed_commands, etc.)
  * and returns tools with the context captured in closure.
+ * Disabled categories are filtered out based on context flags.
  */
 export function buildDevKit(ctx) {
-    return factories.flatMap(factory => factory(ctx));
+    return factories
+        .filter(({ category }) => {
+        const ctxKey = TOGGLEABLE_CATEGORIES[category];
+        if (!ctxKey)
+            return true; // non-toggleable categories always load
+        return ctx[ctxKey] !== false;
+    })
+        .flatMap(({ factory }) => factory(ctx));
 }

package/dist/devkit/tools/browser.js

@@ -501,4 +501,4 @@ export function createBrowserTools(_ctx) {
         browserSearchTool,
     ];
 }
-registerToolFactory(createBrowserTools);
+registerToolFactory(createBrowserTools, 'browser');

package/dist/devkit/tools/filesystem.js

@@ -6,23 +6,31 @@ import { glob } from 'glob';
 import { truncateOutput, isWithinDir } from '../utils.js';
 import { registerToolFactory } from '../registry.js';
 function resolveSafe(ctx, filePath) {
-    // Always resolve relative to working_dir
-    const resolved = path.isAbsolute(filePath) ? filePath : path.resolve(ctx.working_dir, filePath);
+    // Resolve relative to sandbox_dir (preferred) or working_dir
+    const base = ctx.sandbox_dir || ctx.working_dir;
+    const resolved = path.isAbsolute(filePath) ? filePath : path.resolve(base, filePath);
     return resolved;
 }
+/**
+ * Guards a resolved path against the sandbox directory.
+ * When sandbox_dir is set, ALL paths (read and write) must be within it.
+ * When readonly_mode is true, destructive operations are blocked.
+ */
 function guardPath(ctx, resolved, destructive = false) {
-    // If allowed_commands is empty (Merovingian), no path restriction
-    if (!destructive)
-        return;
-    // For Apoc (non-empty allowed_commands) or explicit working_dir set, guard destructive ops
-    if (ctx.allowed_commands.length > 0 && !isWithinDir(resolved, ctx.working_dir)) {
-        throw new Error(`Path '${resolved}' is outside the working directory '${ctx.working_dir}'. Operation denied.`);
+    // Enforce readonly_mode for destructive operations
+    if (destructive && ctx.readonly_mode) {
+        throw new Error(`Operation denied: DevKit is in read-only mode. Write/delete operations are blocked.`);
+    }
+    // Enforce sandbox_dir for ALL operations (read and write)
+    if (ctx.sandbox_dir && !isWithinDir(resolved, ctx.sandbox_dir)) {
+        throw new Error(`Path '${resolved}' is outside the sandbox directory '${ctx.sandbox_dir}'. Operation denied.`);
     }
 }
 export function createFilesystemTools(ctx) {
     return [
         tool(async ({ file_path, encoding, start_line, end_line }) => {
             const resolved = resolveSafe(ctx, file_path);
+            guardPath(ctx, resolved);
             const content = await fs.readFile(resolved, encoding ?? 'utf8');
             const lines = content.split('\n');
             const sliced = (start_line || end_line)
@@ -80,6 +88,7 @@ export function createFilesystemTools(ctx) {
         tool(async ({ source, destination }) => {
             const src = resolveSafe(ctx, source);
             const dest = resolveSafe(ctx, destination);
+            guardPath(ctx, src, true);
             guardPath(ctx, dest, true);
             await fs.ensureDir(path.dirname(dest));
             await fs.move(src, dest, { overwrite: true });
@@ -95,6 +104,8 @@ export function createFilesystemTools(ctx) {
         tool(async ({ source, destination }) => {
             const src = resolveSafe(ctx, source);
             const dest = resolveSafe(ctx, destination);
+            guardPath(ctx, src);
+            guardPath(ctx, dest, true);
             await fs.ensureDir(path.dirname(dest));
             await fs.copy(src, dest);
             return JSON.stringify({ success: true, from: src, to: dest });
@@ -108,6 +119,7 @@ export function createFilesystemTools(ctx) {
         }),
         tool(async ({ dir_path, recursive, pattern }) => {
             const resolved = resolveSafe(ctx, dir_path ?? '.');
+            guardPath(ctx, resolved);
             const entries = await fs.readdir(resolved, { withFileTypes: true });
             let results = entries.map(e => ({
                 name: e.name,
@@ -145,6 +157,7 @@ export function createFilesystemTools(ctx) {
         }),
         tool(async ({ dir_path }) => {
             const resolved = resolveSafe(ctx, dir_path);
+            guardPath(ctx, resolved, true);
             await fs.ensureDir(resolved);
             return JSON.stringify({ success: true, path: resolved });
         }, {
@@ -154,6 +167,7 @@ export function createFilesystemTools(ctx) {
         }),
         tool(async ({ file_path }) => {
             const resolved = resolveSafe(ctx, file_path);
+            guardPath(ctx, resolved);
             const stat = await fs.stat(resolved);
             return JSON.stringify({
                 path: resolved,
@@ -171,6 +185,7 @@ export function createFilesystemTools(ctx) {
         }),
         tool(async ({ pattern, search_path, regex, case_insensitive, max_results }) => {
             const base = resolveSafe(ctx, search_path ?? '.');
+            guardPath(ctx, base);
             const files = await glob('**/*', { cwd: base, nodir: true, absolute: true });
             const re = new RegExp(pattern, case_insensitive ? 'i' : undefined);
             const results = [];
@@ -204,6 +219,7 @@ export function createFilesystemTools(ctx) {
         }),
         tool(async ({ pattern, search_path }) => {
             const base = resolveSafe(ctx, search_path ?? '.');
+            guardPath(ctx, base);
             const files = await glob(pattern, { cwd: base, absolute: true });
             return truncateOutput(JSON.stringify(files.map(f => path.relative(base, f)), null, 2));
         }, {
@@ -216,4 +232,4 @@ export function createFilesystemTools(ctx) {
         }),
     ];
 }
-registerToolFactory(createFilesystemTools);
+registerToolFactory(createFilesystemTools, 'filesystem');

package/dist/devkit/tools/git.js

@@ -1,7 +1,8 @@
 import { tool } from '@langchain/core/tools';
 import { z } from 'zod';
+import path from 'path';
 import { ShellAdapter } from '../adapters/shell.js';
-import { truncateOutput, isCommandAllowed } from '../utils.js';
+import { truncateOutput, isCommandAllowed, isWithinDir } from '../utils.js';
 import { registerToolFactory } from '../registry.js';
 export function createGitTools(ctx) {
     const shell = ShellAdapter.create();
@@ -176,8 +177,16 @@ export function createGitTools(ctx) {
         }),
         tool(async ({ url, destination, depth }) => {
             const args = ['clone', url];
-            if (destination)
+            if (destination) {
+                // Enforce sandbox_dir on clone destination
+                if (ctx.sandbox_dir) {
+                    const resolvedDest = path.isAbsolute(destination) ? destination : path.resolve(ctx.working_dir, destination);
+                    if (!isWithinDir(resolvedDest, ctx.sandbox_dir)) {
+                        return JSON.stringify({ success: false, output: `Clone destination '${resolvedDest}' is outside the sandbox directory '${ctx.sandbox_dir}'. Operation denied.` });
+                    }
+                }
                 args.push(destination);
+            }
             if (depth)
                 args.push('--depth', String(depth));
             const r = await git(args);
@@ -192,6 +201,13 @@ export function createGitTools(ctx) {
             }),
         }),
         tool(async ({ path: worktreePath, branch }) => {
+            // Enforce sandbox_dir on worktree path
+            if (ctx.sandbox_dir) {
+                const resolvedPath = path.isAbsolute(worktreePath) ? worktreePath : path.resolve(ctx.working_dir, worktreePath);
+                if (!isWithinDir(resolvedPath, ctx.sandbox_dir)) {
+                    return JSON.stringify({ success: false, output: `Worktree path '${resolvedPath}' is outside the sandbox directory '${ctx.sandbox_dir}'. Operation denied.` });
+                }
+            }
             const args = ['worktree', 'add', worktreePath];
             if (branch)
                 args.push('-b', branch);
@@ -207,4 +223,4 @@ export function createGitTools(ctx) {
         }),
     ];
 }
-registerToolFactory(createGitTools);
+registerToolFactory(createGitTools, 'git');

package/dist/devkit/tools/network.js

@@ -4,7 +4,7 @@ import net from 'net';
 import dns from 'dns';
 import fs from 'fs-extra';
 import path from 'path';
-import { truncateOutput } from '../utils.js';
+import { truncateOutput, isWithinDir } from '../utils.js';
 import { registerToolFactory } from '../registry.js';
 export function createNetworkTools(ctx) {
     return [
@@ -121,6 +121,13 @@ export function createNetworkTools(ctx) {
             const destPath = path.isAbsolute(destination)
                 ? destination
                 : path.resolve(ctx.working_dir, destination);
+            // Enforce sandbox_dir on download destination
+            if (ctx.sandbox_dir && !isWithinDir(destPath, ctx.sandbox_dir)) {
+                return JSON.stringify({
+                    success: false,
+                    error: `Download destination '${destPath}' is outside the sandbox directory '${ctx.sandbox_dir}'. Operation denied.`,
+                });
+            }
             await fs.ensureDir(path.dirname(destPath));
             const controller = new AbortController();
             const timer = setTimeout(() => controller.abort(), timeout_ms ?? 60_000);
@@ -155,4 +162,4 @@ export function createNetworkTools(ctx) {
         }),
     ];
 }
-registerToolFactory(createNetworkTools);
+registerToolFactory(createNetworkTools, 'network');

package/dist/devkit/tools/packages.js

@@ -70,4 +70,4 @@ export function createPackageTools(ctx) {
         }),
     ];
 }
-registerToolFactory(createPackageTools);
+registerToolFactory(createPackageTools, 'packages');

package/dist/devkit/tools/processes.js

@@ -127,4 +127,4 @@ export function createProcessTools(ctx) {
         }),
     ];
 }
-registerToolFactory(createProcessTools);
+registerToolFactory(createProcessTools, 'processes');

package/dist/devkit/tools/shell.js

@@ -5,7 +5,7 @@ import path from 'path';
 import os from 'os';
 import { randomUUID } from 'crypto';
 import { ShellAdapter } from '../adapters/shell.js';
-import { truncateOutput, isCommandAllowed } from '../utils.js';
+import { truncateOutput, isCommandAllowed, isWithinDir } from '../utils.js';
 import { registerToolFactory } from '../registry.js';
 export function createShellTools(ctx) {
     const shell = ShellAdapter.create();
@@ -17,8 +17,20 @@ export function createShellTools(ctx) {
                     error: `Command '${command}' is not in the allowed_commands list for this project. Allowed: [${ctx.allowed_commands.join(', ')}]`,
                 });
             }
+            // Enforce sandbox_dir: override cwd to stay within sandbox
+            let effectiveCwd = cwd ?? ctx.working_dir;
+            if (ctx.sandbox_dir) {
+                const resolvedCwd = path.isAbsolute(effectiveCwd) ? effectiveCwd : path.resolve(ctx.sandbox_dir, effectiveCwd);
+                if (!isWithinDir(resolvedCwd, ctx.sandbox_dir)) {
+                    return JSON.stringify({
+                        success: false,
+                        error: `Working directory '${resolvedCwd}' is outside the sandbox directory '${ctx.sandbox_dir}'. Operation denied.`,
+                    });
+                }
+                effectiveCwd = resolvedCwd;
+            }
             const result = await shell.run(command, args ?? [], {
-                cwd: cwd ?? ctx.working_dir,
+                cwd: effectiveCwd,
                 timeout_ms: timeout_ms ?? ctx.timeout_ms ?? 30_000,
             });
             return JSON.stringify({
@@ -91,4 +103,4 @@ export function createShellTools(ctx) {
         }),
     ];
 }
-registerToolFactory(createShellTools);
+registerToolFactory(createShellTools, 'shell');

package/dist/devkit/tools/system.js

@@ -129,4 +129,4 @@ export function createSystemTools(ctx) {
         }),
     ];
 }
-registerToolFactory(createSystemTools);
+registerToolFactory(createSystemTools, 'system');

package/dist/http/api.js

@@ -20,6 +20,7 @@ import { ChronosWorker } from '../runtime/chronos/worker.js';
 import { createChronosJobRouter, createChronosConfigRouter } from './routers/chronos.js';
 import { createSkillsRouter } from './routers/skills.js';
 import { getActiveEnvOverrides } from '../config/precedence.js';
+import { hotReloadConfig, getRestartRequiredChanges } from '../runtime/hot-reload.js';
 async function readLastLines(filePath, n) {
     try {
         const content = await fs.readFile(filePath, 'utf8');
@@ -479,7 +480,14 @@ export function createApiRouter(oracle, chronosWorker) {
                     level: 'info'
                 });
             }
-            res.json(newConfig);
+            // Hot-reload agents with new config
+            const hotReloadResult = await hotReloadConfig();
+            const restartRequired = getRestartRequiredChanges(oldConfig, newConfig);
+            res.json({
+                ...newConfig,
+                _hotReload: hotReloadResult,
+                _restartRequired: restartRequired
+            });
         }
         catch (error) {
             if (error.name === 'ZodError') {
@@ -509,6 +517,8 @@ export function createApiRouter(oracle, chronosWorker) {
                 source: 'Zaion',
                 level: 'info'
             });
+            // Hot-reload agents
+            await hotReloadConfig();
             res.json({ success: true });
         }
         catch (error) {
@@ -565,6 +575,8 @@ export function createApiRouter(oracle, chronosWorker) {
                 source: 'Zaion',
                 level: 'info'
             });
+            // Hot-reload agents
+            await hotReloadConfig();
             res.json({ success: true });
         }
         catch (error) {
@@ -601,6 +613,8 @@ export function createApiRouter(oracle, chronosWorker) {
                 source: 'Zaion',
                 level: 'info'
             });
+            // Hot-reload agents
+            await hotReloadConfig();
             res.json({ success: true });
         }
         catch (error) {
@@ -752,8 +766,17 @@ export function createApiRouter(oracle, chronosWorker) {
     });
     router.post('/mcp/reload', async (_req, res) => {
         try {
+            // First reload the MCP tool cache from servers
+            await Construtor.reload();
+            // Then reinitialize agents with the new cached tools
             await oracle.reloadTools();
-            res.json({ ok: true, message: 'MCP tools reloaded successfully.' });
+            const stats = Construtor.getStats();
+            res.json({
+                ok: true,
+                message: 'MCP tools reloaded successfully.',
+                totalTools: stats.totalTools,
+                servers: stats.servers,
+            });
         }
         catch (error) {
             res.status(500).json({ error: 'Failed to reload MCP tools.', details: String(error) });
@@ -768,6 +791,16 @@ export function createApiRouter(oracle, chronosWorker) {
             res.status(500).json({ error: 'Failed to probe MCP servers.', details: String(error) });
         }
     });
+    // Get MCP tool cache stats (fast, no server connection)
+    router.get('/mcp/stats', async (_req, res) => {
+        try {
+            const stats = Construtor.getStats();
+            res.json(stats);
+        }
+        catch (error) {
+            res.status(500).json({ error: 'Failed to get MCP stats.', details: String(error) });
+        }
+    });
     // Keep PUT for backward compatibility if needed, or remove. 
     // Tasks says Implement POST. I'll remove PUT to avoid confusion or redirect it.
     router.put('/config', async (req, res) => {
@@ -790,6 +823,8 @@ export function createApiRouter(oracle, chronosWorker) {
             await configManager.save({ ...config, trinity: req.body });
             const display = DisplayManager.getInstance();
             display.log('Trinity configuration updated via UI', { source: 'Zaion', level: 'info' });
+            // Hot-reload agents
+            await hotReloadConfig();
             res.json({ success: true });
         }
         catch (error) {