muonroi-cli 1.4.1 → 1.5.0

package/dist/src/ops/__tests__/doctor-ee-health.test.js

@@ -84,6 +84,27 @@ describe("doctor EE health checks (CQ-16c/16d)", () => {
         expect(eeHealth?.status).toBe("warn");
         expect(eeHealth?.detail).toContain("72.61.127.154");
     });
+    it("ee.health does NOT report unreachable when server is up but gates degraded (VERIFY F9)", async () => {
+        // Live ee_query works (server reachable) yet the gates sub-check fails —
+        // doctor must not call this "unreachable" (false negative). server.ok is
+        // the reachability signal, not result.ok.
+        healthDetailedMock.mockResolvedValue({
+            ok: false,
+            status: 200,
+            mode: "thin-client",
+            circuit: "closed",
+            components: {
+                server: { ok: true, status: 200 },
+                gates: { ok: false, status: 0 },
+            },
+        });
+        const results = await runDoctor();
+        const eeHealth = results.find((r) => r.name === "ee.health");
+        expect(eeHealth?.status).toBe("warn");
+        expect(eeHealth?.detail).not.toContain("unreachable");
+        expect(eeHealth?.detail).toContain("server=ok");
+        expect(eeHealth?.detail.toLowerCase()).toContain("gates");
+    });
     it("ee.health warns gracefully when healthDetailed throws", async () => {
         healthDetailedMock.mockRejectedValue(new Error("network timeout"));
         const results = await runDoctor();

package/dist/src/ops/doctor.d.ts

@@ -2,9 +2,10 @@
  * src/ops/doctor.ts
  *
  * Health check runner for muonroi-cli doctor command.
- * Runs 7 named checks and returns pass/warn/fail results.
+ * Runs 10 named checks and returns pass/warn/fail results.
  *
- * Checks: bun_version, os, key_presence, ollama, ee, qdrant, error_rate
+ * Checks: bun_version, os, key_presence, ollama, dotnet, ee.health, ee.brain,
+ *         qdrant, error_rate, council.mcp
  * Never throws — all checks handle errors gracefully (warn, not crash).
  */
 export interface CheckResult {

package/dist/src/ops/doctor.js

@@ -2,11 +2,13 @@
  * src/ops/doctor.ts
  *
  * Health check runner for muonroi-cli doctor command.
- * Runs 7 named checks and returns pass/warn/fail results.
+ * Runs 10 named checks and returns pass/warn/fail results.
  *
- * Checks: bun_version, os, key_presence, ollama, ee, qdrant, error_rate
+ * Checks: bun_version, os, key_presence, ollama, dotnet, ee.health, ee.brain,
+ *         qdrant, error_rate, council.mcp
  * Never throws — all checks handle errors gracefully (warn, not crash).
  */
+import { spawnSync } from "node:child_process";
 import { readFile } from "fs/promises";
 import os from "os";
 import path from "path";
@@ -116,7 +118,6 @@ async function checkEEDetailed() {
         const result = await healthDetailed();
         const serverOk = result.components.server.ok;
         const gatesOk = result.components.gates?.ok ?? true; // null if local mode
-        const isHealthy = result.ok;
         const parts = [
             `mode=${result.mode}`,
             `circuit=${result.circuit}`,
@@ -125,7 +126,11 @@ async function checkEEDetailed() {
         if (result.components.gates !== null) {
             parts.push(`gates=${gatesOk ? "ok" : `fail(${result.components.gates.status})`}`);
         }
-        if (!isHealthy) {
+        // Reachability is the SERVER component, not result.ok. A failing gates
+        // sub-check (e.g. read-token scope in thin-client mode) does NOT mean the
+        // EE server is unreachable — labelling it "unreachable" is a false negative
+        // that contradicts a live ee_query working. See VERIFY F9.
+        if (!serverOk) {
             const hint = result.mode === "thin-client"
                 ? "Hint: check VPS 72.61.127.154:8082 is reachable; verify ~/.experience/config.json serverBaseUrl + serverReadAuthToken"
                 : "Hint: start EE locally or configure thin-client in ~/.experience/config.json";
@@ -135,6 +140,13 @@ async function checkEEDetailed() {
                 detail: `EE unreachable — ${parts.join(", ")}. ${hint}`,
             };
         }
+        if (!gatesOk) {
+            return {
+                name: "ee.health",
+                status: "warn",
+                detail: `EE reachable; gates check degraded — ${parts.join(", ")}. Hint: gates needs serverReadAuthToken scope in ~/.experience/config.json`,
+            };
+        }
         return {
             name: "ee.health",
             status: "pass",
@@ -157,9 +169,9 @@ async function checkBrainEmptiness() {
         // Count ee_injection events with event_subtype='no_match' in last 30 days
         const cutoff = new Date(Date.now() - 30 * 86_400_000).toISOString();
         const row = db
-            .prepare(`SELECT COUNT(*) as cnt FROM interaction_logs
-         WHERE event_type = 'ee_injection'
-           AND event_subtype = 'no_match'
+            .prepare(`SELECT COUNT(*) as cnt FROM interaction_logs
+         WHERE event_type = 'ee_injection'
+           AND event_subtype = 'no_match'
            AND created_at >= ?`)
             .get(cutoff);
         const noMatchCount = row?.cnt ?? 0;
@@ -193,6 +205,29 @@ async function checkBrainEmptiness() {
         return { name: "ee.brain", status: "pass", detail: "brain check skipped (DB unavailable)" };
     }
 }
+async function checkDotnet() {
+    // BB-aware scaffolding (muonroi-building-block) needs the .NET SDK for its
+    // restore/build/modular-boundaries quality gate. Doctor previously had no
+    // dotnet probe, so BB tasks had no preflight. See VERIFY F1.
+    try {
+        const res = spawnSync("dotnet", ["--version"], { encoding: "utf8", timeout: 5000 });
+        if (res.status === 0 && typeof res.stdout === "string" && res.stdout.trim().length > 0) {
+            return { name: "dotnet", status: "pass", detail: `dotnet ${res.stdout.trim()} — BB/.NET scaffold ready` };
+        }
+        return {
+            name: "dotnet",
+            status: "warn",
+            detail: "dotnet not found (optional — needed for muonroi-building-block scaffolding + quality gate)",
+        };
+    }
+    catch (err) {
+        return {
+            name: "dotnet",
+            status: "warn",
+            detail: `dotnet probe failed: ${err.message} (optional — needed for BB scaffolding)`,
+        };
+    }
+}
 async function checkQdrant() {
     try {
         const qdrantUrl = process.env.QDRANT_URL ?? "http://localhost:6333";
@@ -258,10 +293,10 @@ async function checkCouncilMcpNudge() {
         // 2. Query DB for [Council Memory] records with URL or research topics
         const db = getDatabase();
         const rows = db
-            .prepare(`SELECT message_json FROM messages
-         WHERE role = 'system'
-           AND message_json LIKE '%[Council Memory]%'
-         ORDER BY created_at DESC
+            .prepare(`SELECT message_json FROM messages
+         WHERE role = 'system'
+           AND message_json LIKE '%[Council Memory]%'
+         ORDER BY created_at DESC
          LIMIT 50`)
             .all();
         let qualifyingCount = 0;
@@ -323,6 +358,7 @@ export async function runDoctor() {
         checkOS(),
         checkKeyPresence(),
         checkOllamaHealth(),
+        checkDotnet(), // NEW — VERIFY F1: BB/.NET scaffold preflight
         checkEEDetailed(), // replaces checkEE() — CQ-16c
         checkBrainEmptiness(), // NEW — CQ-16d
         checkQdrant(),

package/dist/src/ops/doctor.test.js

@@ -1,7 +1,7 @@
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 // RED phase: import module under test (will fail until doctor.ts is created)
 import { formatDoctorReport, runDoctor } from "./doctor.js";
-describe("doctor — runDoctor returns 9 checks", () => {
+describe("doctor — runDoctor returns 10 checks", () => {
     beforeEach(() => {
         // Mock fetch to avoid real network calls in tests
         vi.stubGlobal("fetch", vi.fn().mockResolvedValue({ ok: false, status: 503 }));
@@ -10,9 +10,9 @@ describe("doctor — runDoctor returns 9 checks", () => {
         vi.unstubAllGlobals();
         vi.restoreAllMocks();
     });
-    it("returns exactly 9 CheckResult entries (council_mcp_nudge added in CQ-23)", async () => {
+    it("returns exactly 10 CheckResult entries (dotnet added in VERIFY F1)", async () => {
         const results = await runDoctor();
-        expect(results).toHaveLength(9);
+        expect(results).toHaveLength(10);
     });
     it("each CheckResult has valid name, status, and detail fields", async () => {
         const results = await runDoctor();
@@ -32,6 +32,7 @@ describe("doctor — runDoctor returns 9 checks", () => {
         expect(names).toContain("os");
         expect(names).toContain("key_presence");
         expect(names).toContain("ollama");
+        expect(names).toContain("dotnet");
         expect(names).toContain("ee.health");
         expect(names).toContain("ee.brain");
         expect(names).toContain("qdrant");

package/dist/src/orchestrator/__tests__/mcp-capability-block.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/src/orchestrator/__tests__/mcp-capability-block.test.js

@@ -0,0 +1,39 @@
+import { describe, expect, it } from "vitest";
+import { buildMcpCapabilityBlock } from "../prompts.js";
+describe("buildMcpCapabilityBlock", () => {
+    it("returns '' when no MCP tools are connected (non-agent / chitchat / no-client-tools turns add nothing)", () => {
+        expect(buildMcpCapabilityBlock([])).toBe("");
+        expect(buildMcpCapabilityBlock(["read_file", "grep", "bash", "edit_file"])).toBe("");
+    });
+    it("names the exact callable mcp_<server>__<tool> tools connected this turn (regression: session f6f7881a5fae)", () => {
+        const block = buildMcpCapabilityBlock([
+            "read_file",
+            "bash",
+            "mcp_muonroi-docs__setup_guide",
+            "mcp_muonroi-docs__docs_search",
+        ]);
+        // The failure was the agent not knowing it could call setup_guide directly.
+        expect(block).toContain("mcp_muonroi-docs__setup_guide");
+        expect(block).toContain("mcp_muonroi-docs__docs_search");
+        expect(block).toMatch(/CONNECTED MCP TOOLS/);
+        // Steers away from the bash-JSON-RPC fallback the agent actually did.
+        expect(block).toMatch(/do NOT shell out to bash/i);
+    });
+    it("groups tools by server (id with a hyphen split on the first '__')", () => {
+        const block = buildMcpCapabilityBlock([
+            "mcp_muonroi-docs__setup_guide",
+            "mcp_context7__query_docs",
+            "mcp_muonroi-docs__docs_search",
+        ]);
+        // muonroi-docs appears once as a group header with both its tools.
+        expect(block.match(/muonroi-docs:/g)?.length).toBe(1);
+        expect(block).toMatch(/context7:/);
+    });
+    it("ignores non-mcp tool names and is deterministic (tools sorted within a server)", () => {
+        const block = buildMcpCapabilityBlock(["mcp_srv__b_tool", "write_file", "mcp_srv__a_tool"]);
+        expect(block).not.toContain("write_file");
+        // a_tool sorts before b_tool → stable output regardless of input order.
+        expect(block.indexOf("mcp_srv__a_tool")).toBeLessThan(block.indexOf("mcp_srv__b_tool"));
+    });
+});
+//# sourceMappingURL=mcp-capability-block.test.js.map

package/dist/src/orchestrator/__tests__/project-stack.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/src/orchestrator/__tests__/project-stack.test.js

@@ -0,0 +1,65 @@
+import { mkdtempSync, rmSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { describe, expect, it } from "vitest";
+import { detectProjectStack } from "../prompts.js";
+// detectProjectStack feeds the ENVIRONMENT block so every model — in any mode,
+// on any provider — knows the concrete stack of the repo it is running inside,
+// instead of assuming Python / asking the user to describe the project
+// (2026-06-14 dogfood: "model native doesn't know what it can do in the CLI").
+describe("detectProjectStack", () => {
+    const mkTemp = (slug) => mkdtempSync(join(tmpdir(), `mr-stack-${slug}-`));
+    it("detects the current repo as a JS/TS project under git", () => {
+        const out = detectProjectStack(process.cwd());
+        expect(out).toMatch(/TypeScript|JavaScript/);
+        expect(out).toMatch(/vcs: git/);
+    });
+    it("returns empty string for a bare directory (greenfield)", () => {
+        const dir = mkTemp("empty");
+        try {
+            expect(detectProjectStack(dir)).toBe("");
+        }
+        finally {
+            rmSync(dir, { recursive: true, force: true });
+        }
+    });
+    it("detects a Rust project from Cargo.toml", () => {
+        const dir = mkTemp("rust");
+        try {
+            writeFileSync(join(dir, "Cargo.toml"), "[package]\nname = 'x'\n");
+            expect(detectProjectStack(dir)).toMatch(/^Rust/);
+        }
+        finally {
+            rmSync(dir, { recursive: true, force: true });
+        }
+    });
+    it("detects a .NET project from a .csproj file", () => {
+        const dir = mkTemp("net");
+        try {
+            writeFileSync(join(dir, "App.csproj"), "<Project/>");
+            expect(detectProjectStack(dir)).toMatch(/\.NET\/C#/);
+        }
+        finally {
+            rmSync(dir, { recursive: true, force: true });
+        }
+    });
+    it("reports package manager + test runner for a bun/vitest TS project", () => {
+        const dir = mkTemp("ts");
+        try {
+            writeFileSync(join(dir, "tsconfig.json"), "{}");
+            writeFileSync(join(dir, "bun.lock"), "");
+            writeFileSync(join(dir, "vitest.config.ts"), "export default {}");
+            const out = detectProjectStack(dir);
+            expect(out).toMatch(/TypeScript/);
+            expect(out).toMatch(/pkg: bun/);
+            expect(out).toMatch(/tests: vitest/);
+        }
+        finally {
+            rmSync(dir, { recursive: true, force: true });
+        }
+    });
+    it("returns empty (no throw) for a missing directory", () => {
+        expect(detectProjectStack(join(tmpdir(), "definitely-missing-dir-9f8a7b6c"))).toBe("");
+    });
+});
+//# sourceMappingURL=project-stack.test.js.map

package/dist/src/orchestrator/batch-turn-runner.js

@@ -25,9 +25,10 @@
 // `recordUsage`, `appendCompletedTurn`, `discardAbortedTurn`,
 // `getCompactedThisTurn` / `setCompactedThisTurn`, etc.) so a future
 // `TurnRunnerDepsBase` hoist is mechanical.
-import { buildMcpToolSet } from "../mcp/runtime.js";
+import { acquireMcpTools } from "../mcp/client-pool.js";
 import { getProviderCapabilities } from "../providers/capabilities.js";
 import { requireRuntimeProvider } from "../providers/runtime.js";
+import { openUrl } from "../utils/open-url.js";
 import { loadMcpServers } from "../utils/settings.js";
 import { accumulateUsage, buildAssistantBatchMessage, buildBatchChatCompletionRequest, buildBatchName, buildToolBatchMessage, getBatchFinishReason, getBatchUsage, hasUsage, toLocalToolCall, } from "./batch-utils.js";
 import { relaxCompactionSettings } from "./compaction.js";
@@ -104,17 +105,12 @@ export class BatchTurnRunner {
                 });
                 let tools = !batchCaps.supportsClientTools(runtime.modelInfo) ? {} : baseTools;
                 if (deps.mode === "agent" && batchCaps.supportsClientTools(runtime.modelInfo)) {
-                    const mcpBundle = await buildMcpToolSet(loadMcpServers(), {
+                    const mcpBundle = await acquireMcpTools(loadMcpServers(), {
                         onOAuthRequired: (_serverId, url) => {
-                            const urlStr = url.toString();
-                            import("child_process").then(({ exec }) => {
-                                const cmd = process.platform === "win32"
-                                    ? `start "" "${urlStr}"`
-                                    : process.platform === "darwin"
-                                        ? `open "${urlStr}"`
-                                        : `xdg-open "${urlStr}"`;
-                                exec(cmd);
-                            });
+                            // Server-supplied URL is untrusted — openUrl validates the scheme
+                            // and spawns via execFile (no shell), closing the command-injection
+                            // vector the old exec() opener had.
+                            openUrl(url);
                         },
                     });
                     closeMcp = mcpBundle.close;

package/dist/src/orchestrator/message-processor.js

@@ -59,7 +59,7 @@ import * as phaseTracker from "../ee/phase-tracker.js";
 import { buildScope as buildScopeForVeto } from "../ee/scope.js";
 import { fireTrajectoryEvent } from "../ee/session-trajectory.js";
 import { getTenantId as getTenantIdForVeto } from "../ee/tenant.js";
-import { buildMcpToolSet } from "../mcp/runtime.js";
+import { acquireMcpTools } from "../mcp/client-pool.js";
 import { dropRedundantFsMcpTools, filterMcpServersByMessage } from "../mcp/smart-filter.js";
 import { getModelInfo } from "../models/registry.js";
 import { cheapModelShellLine, injectCheapModelPlaybook, injectCheapModelShellDirective, shouldInjectCheapModelPlaybook, } from "../pil/cheap-model-playbook.js";
@@ -83,6 +83,7 @@ import { visionToolsNeeded } from "../tools/vision-gate.js";
 import { isDebugEnabled, recordTurnTrace } from "../ui/slash/debug.js";
 import { statusBarStore } from "../ui/status-bar/store.js";
 import { appendDecisionLog } from "../usage/decision-log.js";
+import { openUrl } from "../utils/open-url.js";
 import { appendAudit, toolNeedsApproval } from "../utils/permission-mode.js";
 import { getAutoCouncilConfidence, getAutoCouncilMinRoles, getProviderStallTimeoutMs, getRoleModels, getTopLevelCompactKeepLast, getTopLevelCompactThresholdChars, getTopLevelToolBudgetChars, isAutoCouncilEnabled, isProviderDisabled, loadMcpServers, loadValidSubAgents, } from "../utils/settings.js";
 import { resolveShell } from "../utils/shell.js";
@@ -92,7 +93,7 @@ import { humanizeApiError, isAuthenticationError, isContextLimitError, summarize
 import { buildGroundingFootnote, findUnverifiedClaims } from "./grounding-check.js";
 import { buildInterruptedTurnNote } from "./interrupted-turn.js";
 import { stableCallId } from "./pending-calls.js";
-import { applyModelConstraints, buildSystemPromptParts } from "./prompts.js";
+import { applyModelConstraints, buildMcpCapabilityBlock, buildSystemPromptParts } from "./prompts.js";
 import { extractProviderOptionsShape } from "./provider-options-shape.js";
 import { wrapToolSetWithReadBudget } from "./read-path-budget.js";
 import { containsEncryptedReasoning, sanitizeModelMessages } from "./reasoning.js";
@@ -1017,32 +1018,26 @@ export class MessageProcessor {
                         const filteredServers = filterMcpServersByMessage(loadMcpServers(), userMessage, {
                             disabled: process.env.MUONROI_DISABLE_SMART_MCP === "1",
                         });
-                        // MCP non-blocking: race the build against a 2500ms cap so a slow
-                        // stdio MCP server spawn (or many optional servers) does not block
-                        // the main turn's first token / streamText indefinitely. On timeout
-                        // or error we fall back to builtins only (domain servers like fs/tools
-                        // are still valuable but the optional ones can be skipped for this turn).
+                        // MCP non-blocking: acquireMcpTools self-bounds — it connects servers
+                        // in parallel and returns PARTIAL results at its internal deadline
+                        // (fast/cached servers included; slow first-connects reported in
+                        // .errors and available next turn). Clients are POOLED across turns
+                        // (client-pool.ts), so a server cold-spawns at most once per session
+                        // instead of every turn. No outer race: the old race discarded the
+                        // WHOLE bundle on timeout (Phase 1c — session f6f7881a5fae).
                         let mcpBundle = null;
                         try {
-                            mcpBundle = await Promise.race([
-                                buildMcpToolSet(filteredServers, {
-                                    onOAuthRequired: (_serverId, url) => {
-                                        const urlStr = url.toString();
-                                        import("child_process").then(({ exec }) => {
-                                            const cmd = process.platform === "win32"
-                                                ? `start "" "${urlStr}"`
-                                                : process.platform === "darwin"
-                                                    ? `open "${urlStr}"`
-                                                    : `xdg-open "${urlStr}"`;
-                                            exec(cmd);
-                                        });
-                                    },
-                                }),
-                                new Promise((_, reject) => setTimeout(() => reject(new Error("MCP build timeout (2500ms)")), 2500)),
-                            ]);
+                            mcpBundle = await acquireMcpTools(filteredServers, {
+                                onOAuthRequired: (_serverId, url) => {
+                                    // Server-supplied URL is untrusted — openUrl validates the
+                                    // scheme and spawns via execFile (no shell), closing the
+                                    // command-injection vector the old exec() opener had.
+                                    openUrl(url);
+                                },
+                            });
                         }
                         catch (err) {
-                            console.error("[MCP] buildMcpToolSet timed out or failed, proceeding with builtins only", err);
+                            console.error("[MCP] buildMcpToolSet failed, proceeding with builtins only", err);
                         }
                         if (mcpBundle) {
                             closeMcp = mcpBundle.close;
@@ -1056,6 +1051,19 @@ export class MessageProcessor {
                             const _builtinToolNames = new Set(Object.keys(rawToolSet));
                             const { tools: _dedupedMcpTools, dropped: _droppedFsMcp } = dropRedundantFsMcpTools(mcpBundle.tools, _builtinToolNames);
                             rawToolSet = { ...rawToolSet, ..._dedupedMcpTools };
+                            // muonroi-tools is THIS CLI: every tool it exposes (ee_query,
+                            // ee_feedback, ee_health, usage_forensics, lsp_query, setup_guide,
+                            // selfverify_*) is now a NATIVE in-process builtin (src/tools/
+                            // native-tools.ts) — strictly better (no subprocess, no cold-start).
+                            // If an external/legacy config still self-spawns muonroi-tools, drop
+                            // any MCP twin whose native equivalent is present so the model never
+                            // sees two interchangeable copies. (The CLI no longer self-spawns it
+                            // by default — see auto-setup.ts.)
+                            for (const key of Object.keys(rawToolSet)) {
+                                const twin = key.match(/^mcp_muonroi-tools__(.+)$/);
+                                if (twin && rawToolSet[twin[1]])
+                                    delete rawToolSet[key];
+                            }
                             if (_droppedFsMcp.length > 0 && deps.session) {
                                 try {
                                     logInteraction(deps.session.id, "routing", {
@@ -1068,7 +1076,20 @@ export class MessageProcessor {
                                 }
                             }
                             if (mcpBundle.errors.length > 0) {
-                                yield { type: "content", content: `MCP unavailable: ${mcpBundle.errors.join(" | ")}\n\n` };
+                                // A pooled server that is still cold-starting is NOT "unavailable"
+                                // — it's warming up and will be ready next turn. Only surface
+                                // GENUINE failures as "unavailable"; show warming servers as a
+                                // soft, non-alarming note (and only the first time, since the
+                                // pool connects them in the background).
+                                const warming = mcpBundle.errors.filter((e) => /still connecting/.test(e));
+                                const failed = mcpBundle.errors.filter((e) => !/still connecting/.test(e));
+                                if (failed.length > 0) {
+                                    yield { type: "content", content: `MCP unavailable: ${failed.join(" | ")}\n\n` };
+                                }
+                                if (warming.length > 0) {
+                                    const names = warming.map((e) => e.split(":")[0]).join(", ");
+                                    yield { type: "content", content: `MCP warming up (${names}) — ready from the next turn.\n\n` };
+                                }
                             }
                         }
                     }
@@ -1169,6 +1190,15 @@ export class MessageProcessor {
                     const systemWithShell = shouldInjectCheapModelPlaybook(runtime.modelInfo)
                         ? injectCheapModelShellDirective(systemWithPlaybook, cheapModelShellLine(resolveShell({}).kind, process.platform))
                         : systemWithPlaybook;
+                    // Append the LIVE MCP tool roster so the agent calls connected MCP
+                    // tools by their exact mcp_<server>__<tool> name instead of shelling
+                    // out (session f6f7881a5fae). Built from the FINAL toolset for this
+                    // iteration (post smart-filter + fs-dedup), so it never names a tool
+                    // the model can't actually call. Dynamic per turn → must live OUTSIDE
+                    // the cached staticPrefix; for claude it lands in the second
+                    // (non-cached) system message via the slice below.
+                    const mcpCapabilityBlock = buildMcpCapabilityBlock(Object.keys(tools));
+                    const systemWithCaps = mcpCapabilityBlock ? `${systemWithShell}${mcpCapabilityBlock}` : systemWithShell;
                     const systemForModel = runtime.modelId.startsWith("claude")
                         ? [
                             {
@@ -1178,10 +1208,10 @@ export class MessageProcessor {
                             },
                             {
                                 role: "system",
-                                content: systemWithShell.slice(systemParts.staticPrefix.length),
+                                content: systemWithCaps.slice(systemParts.staticPrefix.length),
                             },
                         ]
-                        : systemWithShell;
+                        : systemWithCaps;
                     // Capture prompt-size breakdown so recordUsage can attach it to the
                     // cost-log entry. Without this, "system prompt is huge" is unfalsifiable.
                     // chars/4 ≈ tokens for English; reported as chars to keep math obvious.

package/dist/src/orchestrator/orchestrator.js

@@ -244,6 +244,27 @@ export class Agent {
         this.pendingCalls = options.pendingCalls ?? null;
         this.permissionMode = options.permissionMode ?? "safe";
         ensureDefaultMcpServers();
+        // Pre-warm the always-on MCP servers in the BACKGROUND so they're pooled
+        // before the first user turn. npx stdio servers (filesystem/memory)
+        // cold-start >2.5s and would otherwise miss the first turn's build deadline
+        // (shown as "MCP unavailable: ... still connecting — available next turn").
+        // Empty-message smart-filter keeps only the baseline (drops browser/web
+        // categories) so we don't speculatively spawn playwright/tavily. Fire-and-
+        // forget; the pool handles errors and the per-turn acquire still connects on
+        // demand if this is skipped.
+        void (async () => {
+            try {
+                const [{ warmMcpClients }, { loadMcpServers }, { filterMcpServersByMessage }] = await Promise.all([
+                    import("../mcp/client-pool.js"),
+                    import("../utils/settings.js"),
+                    import("../mcp/smart-filter.js"),
+                ]);
+                warmMcpClients(filterMcpServersByMessage(loadMcpServers(), ""));
+            }
+            catch (err) {
+                console.error(`[orchestrator] MCP pre-warm skipped: ${err?.message}`);
+            }
+        })();
         if (options.persistSession !== false) {
             this.sessionStore = new SessionStore(this.bash.getCwd());
             this.workspace = this.sessionStore.getWorkspace();
@@ -469,6 +490,11 @@ export class Agent {
             this.bash.cleanup(),
             shutdownWorkspaceLspManager(this.bash.getCwd()),
             extractSession(this.messages, this.bash.getCwd(), "cli-exit", this.getSessionId()),
+            // Tear down pooled MCP clients (client-pool.ts). They persist across turns
+            // by design (no per-turn cold-spawn), so the only real teardown is here at
+            // session end. Stdio children would die with the process anyway, but close
+            // them gracefully on a clean exit.
+            import("../mcp/client-pool.js").then((m) => m.closeAllMcpClients()),
         ]);
     }
     // Tool-loop cap handler — set by the UI (app.tsx) at startup. Invoked from

package/dist/src/orchestrator/prompts.d.ts

@@ -3,6 +3,38 @@ import { type CustomSubagentConfig, type SandboxMode, type SandboxSettings } fro
 export declare const MAX_TOOL_ROUNDS: number;
 export declare const VISION_MODEL = "grok-4-1-fast-reasoning";
 export declare const COMPUTER_MODEL = "grok-4.20-0309-reasoning";
+/**
+ * Phase 5 Fix — Env-aware ENVIRONMENT block.
+ *
+ * Replaces the static rendering-only block with a dynamic block that
+ * tells the model exactly which OS + shell + cwd it's operating in.
+ * Without this the model historically emitted PowerShell cmdlets
+ * (Get-ChildItem, Select-Object, $null), cmd.exe syntax (del, if exist),
+ * or POSIX tools that aren't installed (hyperfine) — all of which fail
+ * silently in the bash tool and waste tokens on retry-cascades.
+ *
+ * Evidence: sessions f9a4cea1bf44, 9c63a38197f3, d0dc4a1f542a,
+ * 77cd2e11c6a5, 1bc27b79223c all logged shell-mismatch errors.
+ *
+ * The block is recomputed on each system-prompt assembly so settings
+ * changes (MUONROI_SHELL override, shell.kind config) are reflected
+ * without a CLI restart.
+ */
+/**
+ * Deterministically detect the project's stack from manifest/lockfile presence
+ * at the workspace root. Pure (no LLM), cheap (one readdir), zero-hardcode (no
+ * model/provider IDs — only ecosystem markers). Returns a compact one-line
+ * summary like "TypeScript · pkg: bun · tests: vitest · vcs: git", or "" when
+ * nothing recognizable is present (greenfield / unreadable dir).
+ *
+ * Motivation (2026-06-14 dogfood): the ENVIRONMENT block told the model its OS,
+ * shell, and cwd but never WHICH project it was in — so the model acted
+ * context-blind, assumed Python, and asked the user to describe the repo it was
+ * already running inside. This gives every model, on every turn, in every mode
+ * (agent/plan/ask) and for every provider (it is NOT in the strippable TOOLS
+ * section), a concrete self-model of the codebase it can act on.
+ */
+export declare function detectProjectStack(cwd: string): string;
 export declare function findCustomSubagent(agent: string, subagents?: CustomSubagentConfig[]): CustomSubagentConfig | undefined;
 export declare function formatCustomSubagentsPromptSection(subagents: CustomSubagentConfig[]): string;
 export interface SystemPromptParts {
@@ -24,6 +56,25 @@ export interface SystemPromptOptions {
      */
     chitchat?: boolean;
 }
+/**
+ * Render the LIVE per-turn MCP tool roster as a system-prompt block.
+ *
+ * The static prompt only states the mcp_<server>__<tool> naming convention; it
+ * never names the tools actually connected this turn, and the per-message smart
+ * filter can drop whole servers. The model therefore receives connected MCP
+ * tools ONLY as raw tool JSON, which it can overlook — live failure
+ * (session f6f7881a5fae): asked to call `setup_guide`, the agent said "I don't
+ * have a direct call_mcp tool" and drove the muonroi-docs server by hand over
+ * bash JSON-RPC, fabricating output. Surfacing the exact callable names in prose
+ * closes that gap.
+ *
+ * `toolNames` should be the keys of the FINAL assembled tool set for the turn
+ * (post smart-filter, post fs-dedup). Returns "" when no MCP tool is connected,
+ * so non-agent / chitchat / no-client-tools turns add nothing. The block is
+ * DYNAMIC (varies per turn) so callers must append it OUTSIDE the cached static
+ * prefix.
+ */
+export declare function buildMcpCapabilityBlock(toolNames: readonly string[]): string;
 export declare function buildSystemPromptParts(cwd: string, mode: AgentMode, sandboxMode: SandboxMode, planContext?: string | null, subagents?: CustomSubagentConfig[], sandboxSettings?: SandboxSettings, providerId?: string, resumeDigest?: string | null, options?: SystemPromptOptions): SystemPromptParts;
 export declare function buildSystemPrompt(cwd: string, mode: AgentMode, sandboxMode: SandboxMode, planContext?: string | null, subagents?: CustomSubagentConfig[], sandboxSettings?: SandboxSettings, providerId?: string, resumeDigest?: string | null, options?: SystemPromptOptions): string;
 export declare function buildSubagentPrompt(request: TaskRequest, cwd: string, custom: CustomSubagentConfig | null, sandboxMode: SandboxMode, subagents?: CustomSubagentConfig[], sandboxSettings?: SandboxSettings, providerId?: string): string;