opencode-raven 1.2.7 → 2.0.0

package/README.md

@@ -4,19 +4,25 @@
 <tr>
 <td><img src="Raven.png" alt="Raven" width="768" /></td>
 <td>
-<strong>Search-first subagent for <a href="https://opencode.ai">opencode</a></strong><br/>
-Intercepts search tool calls and routes them to a Raven agent with full local filesystem access plus Context7, Exa AI, and Grep.app MCPs.
+<strong>Hard tool/MCP rerouter for <a href="https://opencode.ai">opencode</a></strong><br/>
+Blocks configured tools and MCPs for non-Raven agents, then routes those requests through a focused Raven agent to reduce context flooding.
 </td>
 </tr>
 </table>
 
 ## Why?
 
-Search is the most common thing agents do — and the most wasteful. Every search call burns tokens and context on results that a cheap, focused agent could handle better. Raven fixes three problems:
-
-1. **Cost** — Use a free model like `opencode/deepseek-v4-flash-free` for all search, saving your expensive model's context for actual work.
-2. **Reliability** — Hard-enforced interception. Other plugins suggest delegation; Raven *blocks* search tools for non-Raven agents and redirects them. No more agents ignoring your instructions and searching directly.
-3. **Simplicity** — One plugin, one agent, auto-configured. No bundled agents or features you don't need. Call Raven directly with `@Raven` or let agents use `raven_seek`. Works with any agent or workflow. Just add it to `opencode.jsonc` and restart.
+Tool-heavy work floods context. Search, docs, web, GitHub examples, and verbose MCP calls can dump raw results into your expensive main model. Raven is a hard blocker-rerouter: configured tools fail closed for non-Raven agents and must be delegated through `raven_seek`, where a focused Raven agent performs the work and returns a compact answer.
+
+Raven fixes three problems:
+
+1. **Context flooding** — Keep noisy tool results out of the main session. Raven summarizes tool/MCP output before returning it.
+2. **Cost** — Use a cheaper model like `opencode/deepseek-v4-flash-free` for tool-heavy work while saving your main model's context for decisions and edits.
+3. **Enforcement** — This is not soft nudging. Raven blocks configured tools/MCP prefixes for non-Raven agents and gives them the exact `raven_seek` retry path.
+
+Raven defaults to search/fetch/docs/GitHub routing, but it works with any MCP whose opencode tool names share a prefix.
+
+Important limitation: opencode still loads enabled MCP tool schemas into the main session. Raven saves context from tool calls and raw results, but it cannot hide initial MCP schemas from the main model until opencode supports agent-scoped MCP visibility.
 
 ## Install
 
@@ -40,14 +46,19 @@ Restart opencode.
 
 | Command | Action |
 |---------|--------|
-| `/raven` | Show status — enabled/disabled, version, update availability, model, reasoning effort, timeout (no args) |
-| `/raven on` | Enable search tool redirection (default) |
-| `/raven off` | Disable interception — all agents can use search tools directly |
+| `/raven` | Show status — enabled/disabled, version, update availability, model, routing, reasoning effort, timeout (no args) |
+| `/raven on` | Enable hard tool/MCP routing (default) |
+| `/raven off` | Disable routing — all agents can use routed tools directly |
+| `/raven route` | Show routed tools and MCP server prefixes |
+| `/raven route tool add <name>` | Route a specific tool through Raven |
+| `/raven route tool remove <name>` | Stop routing a specific tool |
+| `/raven route mcp add <server>` | Route every tool whose name starts with `<server>_` through Raven |
+| `/raven route mcp remove <server>` | Stop routing an MCP server prefix |
 | `/raven update` | Check npm for a newer Raven, clear opencode's plugin cache if needed, then restart opencode |
 | `/raven model <name>` | Change Raven's model (requires restart) |
 | `/raven effort <value>` | Change Raven's reasoning effort (requires restart) |
 | `/raven timeout <seconds>` | Change raven_seek timeout (min 10s, takes effect immediately) |
-| `/raven stats` | Show context processed (session + all-time, bytes + tokens) |
+| `/raven stats` | Show context saved (session + all-time, bytes + tokens) |
 
 Config persists across restarts in `~/.config/opencode/raven-config.json` (global, shared across all projects). Auto-created on first run.
 
@@ -87,7 +98,7 @@ You can call Raven directly with `@Raven` in any opencode chat. The Raven agent
 
 ## raven_seek
 
-When search, fetch, or discovery tools are blocked, agents use **`raven_seek`** — a unified tool that handles local codebase search, filesystem discovery, specific URL/page reads, web/docs research, GitHub examples, and command-output/system inspection. Output includes elapsed time and tokens processed.
+When configured tools/MCPs are blocked, agents use **`raven_seek`** — a unified delegation tool that sends the request to Raven. It handles routed MCP requests, local codebase search, filesystem discovery, specific URL/page reads, web/docs research, GitHub examples, and command-output/system inspection. Output includes elapsed time and tokens processed.
 
 ```
 raven_seek(query: "how to use useEffect cleanup")
@@ -95,34 +106,42 @@ raven_seek(query: "Fetch/read https://example.com and summarize install steps")
 raven_seek(query: "Check whether archivemount/libarchive supports ISO or UDF. Use docs, web, or command output as needed.")
 ```
 
-The agent doesn't see Raven's internal tool calls — just the final findings. Raven parallelizes independent searches internally within a single session.
+The main agent doesn't see Raven's internal tool calls or raw tool output — just the final findings. Raven parallelizes independent tool calls internally within a single session.
 
 ## Configuration
 
 ### raven-config.json
 
-Located at `~/.config/opencode/raven-config.json`. Auto-created on first run and auto-migrated on startup when new default fields are added. Edit manually or use `/raven` commands:
+Located at `~/.config/opencode/raven-config.json`. Auto-created on first run and auto-migrated on startup when new config fields are added. Default route lists are only applied when the field is missing, so removed tools/MCP prefixes stay removed. Edit manually or use `/raven` commands:
 
 ```json
 {
-  "enabled": true,
-  "model": "opencode/deepseek-v4-flash-free",
-  "reasoning_effort": "low",
-  "excludeAgents": [],
-  "excludeTools": [],
-  "timeout": 180
+  "enabled": true,
+  "model": "opencode/deepseek-v4-flash-free",
+  "reasoning_effort": "low",
+  "ravenInstructions": "",
+  "routeTools": ["grep", "glob", "webfetch", "fetch", "bash"],
+  "routeMcpServers": ["context7", "exa", "grep_app"],
+  "allowBundledMCPServers": true,
+  "excludeAgents": [],
+  "excludeTools": [],
+  "timeout": 180
 }
 ```
 
 | Field | Default | Description |
 |-------|---------|-------------|
-| `enabled` | `true` | Whether search tool interception is active |
-| `model` | *(from Raven.md)* | Override Raven's model without editing package files |
-| `reasoning_effort` | *(from Raven.md)* | Override Raven's reasoning effort (e.g. `"low"`, `"medium"`, `"high"`) |
-| `excludeAgents` | `[]` | Agents that bypass search tool blocking (case-insensitive). e.g. `["librarian", "explorer"]` |
-| `excludeTools` | `[]` | Tools that never get blocked. e.g. `["glob", "webfetch"]` |
-| `timeout` | `180` | Max seconds for a `raven_seek` call. On timeout the session is kept for inspection. |
-| `stats` | *(auto)* | Session + global context processed by Raven (bytes + tokens). Managed automatically. |
+| `enabled` | `true` | Whether tool/MCP routing is active |
+| `model` | *(from Raven.md)* | Override Raven's model without editing package files |
+| `reasoning_effort` | *(from Raven.md)* | Override Raven's reasoning effort (e.g. `"low"`, `"medium"`, `"high"`) |
+| `ravenInstructions` | `""` | Extra instructions appended to Raven's prompt. Useful for custom MCP usage rules. |
+| `routeTools` | built-in search/fetch tools plus `bash` | Exact tool names hard-routed through Raven. `bash` means route only search-like bash commands, not every bash call. e.g. `["grep", "glob", "bash", "linear_search_issues"]` |
+| `routeMcpServers` | `["context7", "exa", "grep_app"]` | MCP server prefixes hard-routed through Raven. `"linear"` routes tools like `linear_search_issues` and `linear_get_issue` |
+| `allowBundledMCPServers` | `true` | Whether Raven auto-registers bundled Context7, Exa, and Grep.app MCP defaults. Existing `opencode.jsonc` MCP entries are never overwritten. |
+| `excludeAgents` | `[]` | Agents that bypass Raven routing (case-insensitive). e.g. `["librarian", "explorer"]` |
+| `excludeTools` | `[]` | Exact tools that never get blocked, even if matched by `routeMcpServers`. e.g. `["my_mcp_validate"]` |
+| `timeout` | `180` | Max seconds for a `raven_seek` call. On timeout the session is kept for inspection. |
+| `stats` | *(auto)* | Session + global context saved by Raven (bytes + tokens). Managed automatically. |
 
 ### MCP servers
 
@@ -134,7 +153,17 @@ All three MCPs work without API keys. Add keys for higher rate limits:
 | Exa AI | `https://mcp.exa.ai/mcp` | Free key at [exa.ai](https://exa.ai) — higher limits |
 | Grep.app | `https://mcp.grep.app` | Not available — public API, no key needed |
 
-Raven merges these MCP defaults with your existing `opencode.jsonc` settings, preserving custom headers, URLs, and `enabled: false` overrides.
+When `allowBundledMCPServers` is `true`, Raven auto-registers bundled Context7, Exa, and Grep.app MCP defaults. It merges those MCP defaults with your existing `opencode.jsonc` settings, preserving custom headers, URLs, and `enabled: false` overrides. Set `allowBundledMCPServers` to `false` if you do not want Raven to add bundled MCP defaults.
+
+To add other MCPs, configure them in `opencode.jsonc`, then add their server prefix to `routeMcpServers` if you want Raven to route them. Raven does not install arbitrary MCPs from `raven-config.json`.
+
+Use `ravenInstructions` for extra Raven-only guidance, such as how to use custom MCPs:
+
+```json
+{
+  "ravenInstructions": "For Linear requests, prefer assigned open issues and include issue keys in the answer."
+}
+```
 
 To add an API key, override the MCP in your `opencode.jsonc` with a `headers` field:
 
@@ -165,30 +194,53 @@ To disable an MCP entirely:
 
 | Hook | What it does |
 |------|--------------|
-| `config` | Registers Raven agent, merges Context7/Exa/Grep.app MCP defaults, loads MCP guidance |
-| `tool` | Registers `raven_seek` — creates Raven sessions with timeout, error recovery, timing, and session tree visibility. Tracks context processed for stats (both `raven_seek` and direct `@Raven`). |
-| `chat.message` | Tracks agent ↔ session mapping for allowlist and Raven exclusion |
-| `event` | Shows startup update notifications after the TUI event stream is ready |
-| `command.execute.before` | Handles `/raven on\|off\|update\|model\|effort\|timeout\|stats\|status` |
-| `tool.execute.before` | Blocks search tools for non-Raven, non-excluded agents (respects `excludeTools`). Error output gives the next `raven_seek(query="...")` call. Injects concise `<raven_guidance>` into subagent prompts. |
-| `tool.execute.after` | Counts output bytes from direct `@Raven` calls for accurate stats. |
-
-### Blocked tools (redirected except for Raven and any agents in `excludeAgents`)
-
-**Dedicated search tools:**
-
-| Tool | Source |
-|------|--------|
-| `grep`, `glob`, `webfetch`, `fetch`, `websearch` | Built-in |
-| `websearch_web_search_exa` | WebSearch MCP |
-| `context7_resolve-library-id`, `context7_query-docs` | Context7 MCP |
-| `exa_web_search_exa`, `exa_web_fetch_exa`, `exa_web_search_advanced_exa` | Exa AI MCP |
-| `exa_company_research_exa`, `exa_crawling_exa`, `exa_people_search_exa` | Exa AI MCP |
-| `exa_linkedin_search_exa`, `exa_get_code_context_exa` | Exa AI MCP |
-| `exa_deep_researcher_start`, `exa_deep_researcher_check`, `exa_deep_search_exa` | Exa AI MCP |
-| `grep_app_searchGitHub` | Grep.app MCP |
-
-**Bash commands** — intercepted when the command matches a primary search/discovery pattern:
+| `config` | Registers Raven agent, optionally merges bundled Context7/Exa/Grep.app MCP defaults, loads MCP routing guidance |
+| `tool` | Registers `raven_seek` — creates Raven sessions with timeout, error recovery, timing, and session tree visibility. Tracks context saved for stats (both `raven_seek` and direct `@Raven`). |
+| `chat.message` | Tracks agent ↔ session mapping for allowlist and Raven exclusion |
+| `event` | Shows startup update notifications after the TUI event stream is ready |
+| `command.execute.before` | Handles `/raven on\|off\|route\|update\|model\|effort\|timeout\|stats\|status` |
+| `tool.execute.before` | Hard-blocks configured tools/MCPs for non-Raven, non-excluded agents (respects `excludeTools`). Error output gives the next `raven_seek(query="...")` call. Injects dynamic `<raven_guidance>` with configured routes into subagent prompts. |
+| `tool.execute.after` | Tracks direct `@Raven` calls for context-saved stats. |
+
+### Routed tools (blocked and redirected except for Raven and any agents in `excludeAgents`)
+
+By default, Raven routes these built-in tools and MCP server prefixes:
+
+| Config | Default |
+|------|--------|
+| `routeTools` | `grep`, `glob`, `webfetch`, `fetch`, `bash` |
+| `routeMcpServers` | `context7`, `exa`, `grep_app` |
+
+To route another MCP, add its server prefix. For example, `"linear"` routes every tool named `linear_*` through Raven:
+
+```txt
+/raven route mcp add linear
+```
+
+This works for any MCP whose opencode tool names share a prefix. For example, if an MCP exposes tools named `my_mcp_search`, `my_mcp_fetch`, and `my_mcp_get_item`, this routes all of them:
+
+```txt
+/raven route mcp add my_mcp
+```
+
+The prefix must match the actual tool name before `_`. If the tools are named `project_search`, add `project`, not the display name of the MCP. Matching is case-insensitive.
+
+If an MCP is routed but one tool should remain direct, add the exact tool to `excludeTools`:
+
+```json
+{
+  "routeMcpServers": ["context7", "exa", "grep_app", "my_mcp"],
+  "excludeTools": ["my_mcp_validate"]
+}
+```
+
+To route one specific tool without routing the whole MCP server:
+
+```txt
+/raven route tool add linear_search_issues
+```
+
+**Bash commands** — intercepted only while `bash` is included in `routeTools` and the command matches a primary search/discovery pattern:
 
 | Pattern | Examples |
 |---------|----------|
@@ -196,19 +248,33 @@ To disable an MCP entirely:
 | Filesystem exploration | `Get-ChildItem -Recurse`, `gci -Recurse`, `Get-ChildItem -Filter`, `find -name`, `find -type`, `ls -R`, `ls --recursive`, `dir /s` |
 | Shell bypass | `cmd /c dir /s`, `cmd /c findstr`, `cmd /c find`, `cmd /c tree` |
 
-**Unrestricted for non-Raven agents**: `read`, `task`, `subtask`, `raven_seek`, and non-search `bash` commands.
+**Unrestricted for non-Raven agents**: `read`, `task`, `subtask`, `raven_seek`, non-routed tools, and non-search `bash` commands.
 
-**Allowed output filters**: Piped filters like `command | grep ...`, `command | rg ...`, `command | findstr ...`, and `command | head ...` are allowed. Raven only blocks search commands when they are used as primary discovery commands, not when they filter bounded output from another command.
+**Allowed output filters**: Piped filters like `command | grep ...`, `command | rg ...`, `command | findstr ...`, and `command | head ...` are allowed. Raven only blocks search commands when they are used as primary discovery commands, not when they filter bounded output from another command.
+
+To stop routing search-like bash commands, remove `bash` from `routeTools`:
+
+```txt
+/raven route tool remove bash
+```
 
 **Bash quote stripping**: Quoted content in bash commands is stripped before pattern matching — `echo "use grep here"` won't falsely trigger blocking.
 
 **Comment stripping**: Shell comments are stripped before matching — `# use grep later` won't falsely trigger blocking.
 
-**Subagent guidance**: Every non-Raven, non-excluded subagent gets `<raven_guidance>` injected into its prompt at spawn time.
-
-## Agent capabilities
-
-Raven itself has access to these tools (blocked for other agents by the plugin):
+**Subagent guidance**: Every non-Raven, non-excluded subagent gets `<raven_guidance>` injected into its prompt at spawn time.
+
+The injected guidance includes the current `routeTools` and `routeMcpServers`, including user-added custom MCP prefixes, so subagents know which calls must go through `raven_seek`.
+
+### What Raven Saves
+
+Raven saves context from tool call results and raw MCP output by moving the work into a Raven session and returning a compact answer. It does not currently save context from MCP tool schemas that opencode loads into the main session when an MCP is enabled globally.
+
+This means large MCPs may still increase the main session's starting context. Raven still prevents repeated verbose tool outputs from accumulating in the main session.
+
+## Agent capabilities
+
+Raven itself has access to these tools (blocked for other agents when configured by the plugin):
 
 | Tool / MCP | Purpose |
 |------------|---------|

package/Raven.md

@@ -1,5 +1,5 @@
 ---
-description: Search-only agent for web, docs, code, examples, and Unity project inspection.
+description: Tool/MCP delegation agent for web, docs, code, examples, and configured external systems.
 mode: subagent
 hidden: false
 model: opencode/deepseek-v4-flash-free
@@ -18,7 +18,7 @@ permission:
 
 You are Raven.
 
-You search, fetch, and inspect only.
+You search, fetch, inspect, and use routed MCPs only.
 You return compact findings only.
 Never call `raven_seek`; you are Raven. Use your direct tools and MCPs instead.
 
@@ -42,9 +42,12 @@ Prefer Context7 over memory when docs may be version-specific or recently change
 Use for live web search, current information, company/product research, reading webpages, comparing tools, and broad external research.
 Use Exa when the answer may depend on recent updates, pricing, docs pages, releases, or online sources.
 
-*Grep.app:*
-Use for searching public GitHub code examples, real-world usage patterns, config examples, and how other projects structure similar code.
-Use Grep.app when docs are unclear or when implementation examples would help.
+*Grep.app:*
+Use for searching public GitHub code examples, real-world usage patterns, config examples, and how other projects structure similar code.
+Use Grep.app when docs are unclear or when implementation examples would help.
+
+*Other routed MCPs:*
+When the caller asks for a configured MCP, use that MCP directly and return a compact summary of only what the primary agent needs.
 
 Output format:
 
@@ -52,7 +55,7 @@ Answer:
 * Short direct finding.
 
 Sources / locations:
-* File paths, URLs, docs, examples, or Unity objects checked.
+* File paths, URLs, docs, examples, MCP records, or local objects checked.
 
 Relevant details:
 * Small notes only. No long code dumps.

package/index.ts

@@ -13,34 +13,28 @@ const PACKAGE_JSON = JSON.parse(readFileSync(join(PKG_DIR, "package.json"), "utf
 const PACKAGE_NAME = PACKAGE_JSON.name || "opencode-raven"
 const PACKAGE_VERSION = PACKAGE_JSON.version || "0.0.0"
 
-// ── Search tools that should be intercepted for non-Raven agents ──
-const SEARCH_TOOLS = [
-  // Built-in tools
-  "grep",
-  "glob",
-  "webfetch",
-  "fetch",
-  "websearch",
-  // WebSearch MCP
-  "websearch_web_search_exa",
-  // Context7 MCP
-  "context7_resolve-library-id",
-  "context7_query-docs",
-  // Exa AI MCP
-  "exa_web_search_exa",
-  "exa_web_fetch_exa",
-  "exa_web_search_advanced_exa",
-  "exa_company_research_exa",
-  "exa_crawling_exa",
-  "exa_people_search_exa",
-  "exa_linkedin_search_exa",
-  "exa_get_code_context_exa",
-  "exa_deep_researcher_start",
-  "exa_deep_researcher_check",
-  "exa_deep_search_exa",
-  // Grep.app MCP
-  "grep_app_searchGitHub",
-]
+// ── Tools/MCPs that should be intercepted for non-Raven agents ──
+const DEFAULT_ROUTE_TOOLS = [
+  "grep",
+  "glob",
+  "webfetch",
+  "fetch",
+  "bash",
+]
+
+const DEFAULT_ROUTE_MCP_SERVERS = [
+  "context7",
+  "exa",
+  "grep_app",
+]
+
+const DEFAULT_MCP_SERVERS: Record<string, string> = {
+  context7: "https://mcp.context7.com/mcp",
+  exa: "https://mcp.exa.ai/mcp",
+  grep_app: "https://mcp.grep.app",
+}
+
+const NEVER_ROUTE_TOOLS = new Set(["raven_seek", "task", "subtask"])
 
 // ── Bash commands that look like search workarounds ──
 const SEARCH_BASH_RE = /\b(?:rg|ripgrep|grep|egrep|fgrep|git\s+grep|ack|ag\b|findstr|Select-String)\b|\b(?:Get-ChildItem|gci)\b(?=[^|;&\n]*(?:-Recurse|-Filter|-Include|\s-[A-Za-z]*r[A-Za-z]*\b))|\bdir\b(?=[^|;&\n]*(?:[/-][sS]\b|-Recurse|-Filter|-Include))|\bls\b(?=[^|;&\n]*(?:\s-[A-Za-z]*R[A-Za-z]*\b|--recursive\b))|\bfind\b\s+.*(?:-name|-type)\b/i
@@ -113,28 +107,36 @@ function isSearchBash(tool: string, args: any): boolean {
 }
 
 // ── Config file shape ──
-interface RavenConfig {
-  enabled: boolean
-  model?: string
-  reasoning_effort?: string
-  excludeAgents?: string[]
-  excludeTools?: string[]
-  timeout?: number
-  stats?: { bytes: number }
-}
+interface RavenConfig {
+  enabled: boolean
+  model?: string
+  reasoning_effort?: string
+  ravenInstructions?: string
+  routeTools?: string[]
+  routeMcpServers?: string[]
+  allowBundledMCPServers?: boolean
+  excludeAgents?: string[]
+  excludeTools?: string[]
+  timeout?: number
+  stats?: { bytes: number }
+}
 
 // ── Parse Raven.md frontmatter ──
 const ravenMd = readFileSync(RAVEN_MD, "utf-8")
 const { frontmatter: fm, prompt: ravenPrompt } = parseRavenMd(ravenMd)
 
 const DEFAULT_CONFIG: RavenConfig = {
-  enabled: true,
-  model: fm.model,
-  reasoning_effort: fm.reasoning_effort,
-  excludeAgents: [],
-  excludeTools: [],
-  timeout: 180,
-}
+  enabled: true,
+  model: fm.model,
+  reasoning_effort: fm.reasoning_effort,
+  ravenInstructions: "",
+  routeTools: DEFAULT_ROUTE_TOOLS,
+  routeMcpServers: DEFAULT_ROUTE_MCP_SERVERS,
+  allowBundledMCPServers: true,
+  excludeAgents: [],
+  excludeTools: [],
+  timeout: 180,
+}
 
 function parseRavenMd(raw: string): { frontmatter: Record<string, any>; prompt: string } {
   const parts = raw.split("---")
@@ -206,16 +208,21 @@ const KNOWN_KEYS = new Set([
   "temperature", "top_p", "variant",
 ])
 
-function extractOptions(fm: Record<string, any>): Record<string, any> {
-  const options: Record<string, any> = {}
-  for (const key of Object.keys(fm)) {
-    if (!KNOWN_KEYS.has(key)) options[key] = fm[key]
-  }
-  return options
-}
-
-// ── Plugin ──
-export default ((input: PluginInput) => {
+function extractOptions(fm: Record<string, any>): Record<string, any> {
+  const options: Record<string, any> = {}
+  for (const key of Object.keys(fm)) {
+    if (!KNOWN_KEYS.has(key)) options[key] = fm[key]
+  }
+  return options
+}
+
+function uniqueStrings(value: unknown, fallback: string[] = []): string[] {
+  const source = Array.isArray(value) ? value : fallback
+  return [...new Set(source.filter((item) => typeof item === "string" && item.trim()).map((item) => item.trim()))]
+}
+
+// ── Plugin ──
+export default ((input: PluginInput) => {
   const client = input.client
 
   // Config file lives in the global opencode config directory
@@ -225,13 +232,17 @@ export default ((input: PluginInput) => {
     const source = raw && typeof raw === "object" ? raw : {}
     const normalized: RavenConfig = { ...DEFAULT_CONFIG, ...source }
 
-    normalized.enabled = source.enabled !== false
-    normalized.model = typeof source.model === "string" ? source.model : DEFAULT_CONFIG.model
-    normalized.reasoning_effort = typeof source.reasoning_effort === "string" ? source.reasoning_effort : DEFAULT_CONFIG.reasoning_effort
-    normalized.excludeAgents = Array.isArray(source.excludeAgents) ? source.excludeAgents : []
-    normalized.excludeTools = Array.isArray(source.excludeTools) ? source.excludeTools : []
-    normalized.timeout = typeof source.timeout === "number" ? source.timeout : DEFAULT_CONFIG.timeout
-    normalized.stats = source.stats || undefined
+    normalized.enabled = source.enabled !== false
+    normalized.model = typeof source.model === "string" ? source.model : DEFAULT_CONFIG.model
+    normalized.reasoning_effort = typeof source.reasoning_effort === "string" ? source.reasoning_effort : DEFAULT_CONFIG.reasoning_effort
+    normalized.ravenInstructions = typeof source.ravenInstructions === "string" ? source.ravenInstructions : DEFAULT_CONFIG.ravenInstructions
+    normalized.routeTools = uniqueStrings(source.routeTools, DEFAULT_ROUTE_TOOLS)
+    normalized.routeMcpServers = uniqueStrings(source.routeMcpServers, DEFAULT_ROUTE_MCP_SERVERS)
+    normalized.allowBundledMCPServers = source.allowBundledMCPServers !== false
+    normalized.excludeAgents = uniqueStrings(source.excludeAgents)
+    normalized.excludeTools = uniqueStrings(source.excludeTools)
+    normalized.timeout = typeof source.timeout === "number" ? source.timeout : DEFAULT_CONFIG.timeout
+    normalized.stats = source.stats || undefined
 
     return normalized
   }
@@ -262,7 +273,9 @@ export default ((input: PluginInput) => {
   let config = loadConfig()
   const ravenSessions = new Set<string>()
   const ravenTaskCalls = new Set<string>()
+  const ravenTaskPrompts = new Map<string, number>()
   const sessionAgents = new Map<string, string>()
+  const ravenSessionParents = new Map<string, string>()
   let updateInfo: { current: string; latest?: string; available: boolean } | undefined
   let updateCheckPromise: Promise<{ current: string; latest?: string; available: boolean }> | undefined
   let updateToastPending = false
@@ -274,21 +287,65 @@ export default ((input: PluginInput) => {
     return config.excludeAgents.some((a) => a.toLowerCase() === lower)
   }
 
-  const RAVEN_GUIDANCE = `Search/fetch tools are blocked by Raven. If one is blocked, your next tool call should be raven_seek(query="<same search/fetch request>").`
-
-  function attemptedQuery(tool: string, args: any): string {
-    if (!args || typeof args !== "object") return `${tool}: ${JSON.stringify(args)}`
-    const direct = args.query ?? args.pattern ?? args.url ?? args.urls ?? args.command ?? args.path ?? args.filePath
-    const value = direct !== undefined ? direct : args
-    const text = typeof value === "string" ? value : JSON.stringify(value)
-    return text.length > 500 ? `${text.slice(0, 497)}...` : text
-  }
-
-  function rerouteMessage(tool: string, args: any): string {
-    return `The '${tool}' tool call is blocked by Raven. Your next tool call should be raven_seek(query="${attemptedQuery(tool, args).replace(/"/g, "'")}").`
-  }
-
-  // ── Context processed by raven_seek ──
+  function ravenGuidance(): string {
+    const tools = config.routeTools?.length ? config.routeTools.join(", ") : "none"
+    const mcps = config.routeMcpServers?.length ? config.routeMcpServers.map((server) => `${server}_*`).join(", ") : "none"
+    return `Some tools/MCPs are routed through Raven to save context. Routed tools: ${tools}. Routed MCP prefixes: ${mcps}. If one is blocked, your next tool call should be raven_seek(query="<same request>"). Include the original tool/MCP name and relevant arguments.`
+  }
+
+  function isRouteConfigured(toolName: string): boolean {
+    const tool = toolName.toLowerCase()
+    if (NEVER_ROUTE_TOOLS.has(tool)) return false
+    if (config.routeTools?.some((name) => name.toLowerCase() === tool)) return true
+    return config.routeMcpServers?.some((server) => tool.startsWith(`${server.toLowerCase()}_`)) ?? false
+  }
+
+  function compactArgs(value: any): any {
+    if (Array.isArray(value)) {
+      return value.map(compactArgs).filter((item) => item !== undefined)
+    }
+    if (!value || typeof value !== "object") return value
+    const result: Record<string, any> = {}
+    for (const [key, raw] of Object.entries(value)) {
+      const item = compactArgs(raw)
+      if (item === undefined || item === null || item === "") continue
+      if (Array.isArray(item) && item.length === 0) continue
+      if (typeof item === "object" && !Array.isArray(item) && Object.keys(item).length === 0) continue
+      result[key] = item
+    }
+    return result
+  }
+
+  function attemptedQuery(tool: string, args: any): string {
+    const compact = compactArgs(args)
+    if (!compact || typeof compact !== "object") return `${tool}: ${JSON.stringify(compact)}`
+    const direct = compact.query ?? compact.pattern ?? compact.url ?? compact.urls ?? compact.command ?? compact.path ?? compact.filePath
+    const value = direct !== undefined ? direct : compact
+    const text = typeof value === "string" ? value : JSON.stringify(value)
+    const query = value === compact ? `${tool} ${text}` : `${tool}: ${text}`
+    return query.length > 300 ? `${query.slice(0, 297)}...` : query
+  }
+
+  function rerouteMessage(tool: string, args: any): string {
+    return `The '${tool}' tool call is blocked by Raven. Your next tool call should be raven_seek(query="${attemptedQuery(tool, args).replace(/"/g, "'")}").`
+  }
+
+  function routeSummary(): string {
+    const tools = config.routeTools?.length ? config.routeTools.join(", ") : "(none)"
+    const mcps = config.routeMcpServers?.length ? config.routeMcpServers.join(", ") : "(none)"
+    return `Raven routed tools/MCPs:\n  Tools: ${tools}\n  MCP servers: ${mcps}`
+  }
+
+  function mcpSummary(): string {
+    return `Raven bundled MCPs: ${config.allowBundledMCPServers === false ? "disabled" : Object.keys(DEFAULT_MCP_SERVERS).join(", ")}`
+  }
+
+  function ravenAgentPrompt(): string {
+    const extra = config.ravenInstructions?.trim()
+    return extra ? `${ravenPrompt}\n\nAdditional user instructions:\n${extra}` : ravenPrompt
+  }
+
+  // ── Context saved by Raven delegation ──
   let sessionBytes = 0
   let totalBytes = config.stats?.bytes ?? 0
 
@@ -343,6 +400,20 @@ export default ((input: PluginInput) => {
     return { current: PACKAGE_VERSION, latest, available: !!latest && compareVersions(latest, PACKAGE_VERSION) > 0 }
   }
 
+  async function countRavenSessionBytes(sessionId: string): Promise<number> {
+    // Get last assistant message token counts (matches TUI bottom bar)
+    const messagesResp = await client.session.messages({ path: { id: sessionId }, query: { limit: 200 } })
+    const messages = (messagesResp as any)?.data ?? []
+    // Find last assistant message with output tokens (same logic as TUI subagent-footer.tsx)
+    const last = [...messages].reverse().find((m: any) =>
+      m?.info?.role === "assistant" && m?.info?.tokens?.output > 0
+    )
+    const t = last?.info?.tokens
+    if (!t) return 0
+    const totalTokens = (t.input ?? 0) + (t.output ?? 0) + (t.reasoning ?? 0) + (t.cache?.read ?? 0) + (t.cache?.write ?? 0)
+    return totalTokens * 4
+  }
+
   async function getUpdateInfo(): Promise<{ current: string; latest?: string; available: boolean }> {
     if (updateInfo) return updateInfo
     if (!updateCheckPromise) {
@@ -421,11 +492,13 @@ export default ((input: PluginInput) => {
 
   return {
     config(configInput: any) {
-      // MCP servers
-      configInput.mcp = configInput.mcp || {}
-      ensureRemoteMcp(configInput, "context7", "https://mcp.context7.com/mcp")
-      ensureRemoteMcp(configInput, "exa", "https://mcp.exa.ai/mcp")
-      ensureRemoteMcp(configInput, "grep_app", "https://mcp.grep.app")
+      // Bundled MCP defaults. Existing opencode.jsonc entries are merged, not overwritten.
+      if (config.allowBundledMCPServers !== false) {
+        configInput.mcp = configInput.mcp || {}
+        for (const [key, url] of Object.entries(DEFAULT_MCP_SERVERS)) {
+          ensureRemoteMcp(configInput, key, url)
+        }
+      }
 
       // Inject MCP guidance as a startup instruction file (absolute path for npm compat)
       configInput.instructions = configInput.instructions || []
@@ -445,27 +518,27 @@ export default ((input: PluginInput) => {
           ...(config.reasoning_effort ? { reasoning_effort: config.reasoning_effort } : {}),
         },
         permission: fm.permission || {},
-        prompt: ravenPrompt,
-      }
+        prompt: ravenAgentPrompt(),
+      }
 
       // Register /raven command
       configInput.command = configInput.command || {}
       if (!configInput.command.raven) {
-        configInput.command.raven = {
-          template: "Manage Raven: /raven on|off|update|model <name>|status",
-          description: "Toggle search interception or change Raven's model",
-        }
+        configInput.command.raven = {
+          template: "Manage Raven: /raven on|off|route|update|model <name>|status",
+          description: "Toggle Raven routing, manage routed tools/MCPs, or change Raven's model",
+        }
       }
 
       updateToastPending = true
     },
 
-    // Register raven_seek tool — lets agents with task:false still search through Raven
+    // Register raven_seek tool — lets agents with task:false still delegate through Raven
     tool: {
       "raven_seek": tool({
-        description: "Unified Raven search/fetch/inspection tool. Use this whenever grep, glob, WebFetch/fetch, websearch, docs lookup, GitHub search, or search-like bash would be used. Handles local codebase search, filesystem discovery, specific URL/page reads, web/docs research, GitHub examples, and command-output/system inspection via Raven.",
+        description: "Unified Raven delegation tool. Use this whenever a tool/MCP is blocked by Raven, or when grep, glob, WebFetch/fetch, websearch, docs lookup, GitHub search, or search-like bash would be used. Handles routed MCP requests, local codebase search, filesystem discovery, specific URL/page reads, web/docs research, GitHub examples, and command-output/system inspection via Raven.",
         args: {
-          query: tool.schema.string().describe("What Raven should search, fetch, read, or inspect. Include exact URLs when replacing WebFetch. Include commands/output checks when replacing grep/rg/head over command output."),
+          query: tool.schema.string().describe("What Raven should do. Include the original blocked tool/MCP request and relevant args, exact URLs when replacing WebFetch, and commands/output checks when replacing grep/rg/head over command output."),
         },
         async execute(args, context) {
           const started = Date.now()
@@ -520,10 +593,23 @@ export default ((input: PluginInput) => {
               .map((p: any) => p.text)
             const output = textParts.join("\n") || "Raven returned no results."
 
-            // Track context saved
-            addBytes(output.length)
+            // Get total Raven session context and subtract input/output to get context saved
+            let totalProcessed = 0
+            try {
+              totalProcessed = await countRavenSessionBytes(sessionId)
+            } catch { /* best-effort */ }
+            if (totalProcessed <= 0) {
+              for (const part of parts) {
+                if (part.text) totalProcessed += part.text.length
+                if (part.args) totalProcessed += JSON.stringify(part.args).length
+                if (part.content) totalProcessed += typeof part.content === "string" ? part.content.length : JSON.stringify(part.content).length
+              }
+            }
+            // Context saved = total session context − input query − compact answer returned
+            const saved = Math.max(0, totalProcessed - output.length - String(args.query).length)
+            addBytes(saved)
 
-            return { title: "Raven Seek", metadata: { sessionId }, output: `${output}\n\n*Raven searched for ${elapsed}s — ${formatBytes(output.length)}, ~${formatTokens(output.length)} tokens*` }
+            return { title: "Raven Seek", metadata: { sessionId }, output: `${output}\n\n*Raven searched for ${elapsed}s — ${formatBytes(totalProcessed)} processed, ${formatTokens(totalProcessed)} tokens*` }
           } catch (err: any) {
             const elapsed = ((Date.now() - started) / 1000).toFixed(1)
             const msg = String(err?.message ?? err ?? "").toLowerCase()
@@ -550,30 +636,56 @@ export default ((input: PluginInput) => {
       }
     },
 
-    event() {
+    event(input: { event: any }) {
+      // Track subagent session → parent mapping for accurate context counting
+      const evt = input.event
+      if (evt?.type === "session.created" && evt?.properties?.parentID) {
+        ravenSessionParents.set(evt.properties.parentID, evt.properties.id)
+      }
+
       if (!updateToastPending) return
       updateToastPending = false
       setTimeout(() => void notifyIfUpdateAvailable(), 500)
     },
 
-    // /raven on|off|model <name>|effort <value>|timeout <seconds>|stats|status
+    // /raven on|off|route|model <name>|effort <value>|timeout <seconds>|stats|status
     async "command.execute.before"(input: any, output: any) {
       if (input.command !== "raven") return
       output.parts.length = 0
       const raw = input.arguments.trim()
       const arg = raw.toLowerCase()
 
-      if (arg === "on") {
-        config.enabled = true
-        saveConfig(config)
-        output.parts.push({ type: "text", text: "Raven search interception enabled. Non-Raven agents will be redirected to @raven for search tools." })
-      } else if (arg === "off") {
-        config.enabled = false
-        saveConfig(config)
-        output.parts.push({ type: "text", text: "Raven search interception disabled. All agents can use search tools directly." })
-      } else if (arg === "stats") {
-        output.parts.push({ type: "text", text: `Raven context processed:\n  This session: ${formatBytes(sessionBytes)} (~${formatTokens(sessionBytes)} tokens)\n  All time: ${formatBytes(totalBytes)} (~${formatTokens(totalBytes)} tokens)` })
-      } else if (arg === "update") {
+      if (arg === "on") {
+        config.enabled = true
+        saveConfig(config)
+        output.parts.push({ type: "text", text: "Raven tool/MCP routing enabled. Non-Raven agents will be redirected to raven_seek for configured tools." })
+      } else if (arg === "off") {
+        config.enabled = false
+        saveConfig(config)
+        output.parts.push({ type: "text", text: "Raven tool/MCP routing disabled. All agents can use tools directly." })
+      } else if (arg === "stats") {
+        output.parts.push({ type: "text", text: `Raven context saved:\n  This session: ${formatBytes(sessionBytes)} (~${formatTokens(sessionBytes)} context)\n  All time: ${formatBytes(totalBytes)} (~${formatTokens(totalBytes)} context)` })
+      } else if (arg === "route") {
+        output.parts.push({ type: "text", text: `${routeSummary()}\n\nUsage:\n  /raven route tool add <tool_name>\n  /raven route tool remove <tool_name>\n  /raven route mcp add <server_name>\n  /raven route mcp remove <server_name>` })
+      } else if (arg.startsWith("route ")) {
+        const parts = raw.split(/\s+/)
+        const kind = parts[1]?.toLowerCase()
+        const action = parts[2]?.toLowerCase()
+        const name = parts.slice(3).join(" ").trim()
+        const key = kind === "tool" ? "routeTools" : kind === "mcp" || kind === "server" ? "routeMcpServers" : undefined
+
+        if (!key || !["add", "remove", "rm"].includes(action) || !name) {
+          output.parts.push({ type: "text", text: "Usage:\n  /raven route tool add <tool_name>\n  /raven route tool remove <tool_name>\n  /raven route mcp add <server_name>\n  /raven route mcp remove <server_name>" })
+        } else {
+          const values = uniqueStrings(config[key])
+          const exists = values.some((value) => value.toLowerCase() === name.toLowerCase())
+          config[key] = action === "add"
+            ? exists ? values : [...values, name]
+            : values.filter((value) => value.toLowerCase() !== name.toLowerCase())
+          saveConfig(config)
+          output.parts.push({ type: "text", text: routeSummary() })
+        }
+      } else if (arg === "update") {
         try {
           const info = await refreshUpdateInfo()
           if (!info.latest) {
@@ -626,8 +738,8 @@ export default ((input: PluginInput) => {
             ? `Update: ${info.latest} available. Run /raven update, then restart opencode.`
             : `Update: up to date${info.latest ? ` (latest ${info.latest})` : ""}.`
         } catch { /* keep fallback */ }
-        output.parts.push({ type: "text", text: `Raven is ${enabled}. Version: ${PACKAGE_VERSION}. Model: ${model}. Reasoning: ${effort}. Timeout: ${timeout}s\n${update}\n\nCommands:\n  /raven on      — enable search interception\n  /raven off     — disable search interception\n  /raven update  — check npm, clear plugin cache if newer, then restart opencode\n  /raven model <name> — change Raven's model (requires restart)\n  /raven effort <value> — change Raven's reasoning effort (requires restart)\n  /raven timeout <seconds> — change raven_seek timeout\n  /raven stats   — show blocked calls and context saved` })
-      }
+        output.parts.push({ type: "text", text: `Raven is ${enabled}. Version: ${PACKAGE_VERSION}. Model: ${model}. Reasoning: ${effort}. Timeout: ${timeout}s\n${update}\n\n${routeSummary()}\n\n${mcpSummary()}\n\nRaven context saved:\n  This session: ${formatBytes(sessionBytes)} (~${formatTokens(sessionBytes)} context)\n  All time: ${formatBytes(totalBytes)} (~${formatTokens(totalBytes)} context)\n\nCommands:\n  /raven on      — enable tool/MCP routing\n  /raven off     — disable tool/MCP routing\n  /raven route   — show or edit routed tools/MCP servers\n  /raven update  — check npm, clear plugin cache if newer, then restart opencode\n  /raven model <name> — change Raven's model (requires restart)\n  /raven effort <value> — change Raven's reasoning effort (requires restart)\n  /raven timeout <seconds> — change raven_seek timeout\n  /raven stats   — show context saved` })
+      }
     },
 
     "tool.execute.before"(input: any, output: any) {
@@ -638,37 +750,62 @@ export default ((input: PluginInput) => {
       if (!config.enabled) return
       if (ravenSessions.has(input.sessionID)) return
       if (isExcluded(sessionAgents.get(input.sessionID))) return
-      if (config.excludeTools?.includes(input.tool)) return
+      if (config.excludeTools?.some((name) => name.toLowerCase() === input.tool.toLowerCase())) return
 
       // ── Subagent prompt injection: inject Raven guidance into every subagent ──
       if ((input.tool === "task" || input.tool === "subtask") && output.args) {
         const subagentType = input.tool === "task" ? (output.args.subagent_type ?? "") : ""
         if (subagentType === "raven") {
           ravenTaskCalls.add(input.callID)
+          const promptField = ["prompt", "description", "request", "objective", "query"].find(
+            (f) => f in output.args
+          ) ?? "prompt"
+          ravenTaskPrompts.set(input.callID, String(output.args[promptField] ?? "").length)
         }
         if (subagentType !== "raven" && !isExcluded(subagentType)) {
           const field = ["prompt", "description", "request", "objective", "query"].find(
             (f) => f in output.args
           ) ?? "prompt"
-          output.args[field] = `${output.args[field] ?? ""}\n\n<raven_guidance>\n${RAVEN_GUIDANCE}\n</raven_guidance>`
-        }
-      }
-
-      // ── Block search tools for non-Raven agents ──
-      const isSearchTool = SEARCH_TOOLS.includes(input.tool)
-      const isSearchBashCmd = isSearchBash(input.tool, output.args || input.args)
-
-      if (isSearchTool || isSearchBashCmd) {
-        throw new Error(rerouteMessage(input.tool, output.args || input.args))
-      }
+          output.args[field] = `${output.args[field] ?? ""}\n\n<raven_guidance>\n${ravenGuidance()}\n</raven_guidance>`
+        }
+      }
+
+      // ── Block routed tools/MCPs for non-Raven agents ──
+      const shouldRouteTool = input.tool === "bash" ? false : isRouteConfigured(input.tool)
+      const isSearchBashCmd = isRouteConfigured("bash") && isSearchBash(input.tool, output.args || input.args)
+
+      if (shouldRouteTool || isSearchBashCmd) {
+        const args = compactArgs(output.args || input.args)
+        if (output.args && typeof output.args === "object") output.args = args
+        throw new Error(rerouteMessage(input.tool, args))
+      }
     },
 
     "tool.execute.after"(input: any, output: any) {
       if (ravenTaskCalls.has(input.callID)) {
         ravenTaskCalls.delete(input.callID)
-        const outputLen = String(output.output ?? "").length
-        if (outputLen > 0) addBytes(outputLen)
+        const promptBytes = ravenTaskPrompts.get(input.callID) ?? 0
+        ravenTaskPrompts.delete(input.callID)
+        // Try task metadata first (built-in tools preserve metadata)
+        const ravenSessionId = output.metadata?.sessionId ?? ravenSessionParents.get(input.sessionID)
+        if (ravenSessionId) {
+          if (ravenSessionParents.has(input.sessionID)) ravenSessionParents.delete(input.sessionID)
+          void countRavenSessionBytes(ravenSessionId)
+            .then((total) => {
+              const saved = Math.max(0, total - promptBytes - String(output.output ?? "").length)
+              if (saved > 0) addBytes(saved)
+            })
+            .catch(() => {
+              const outputLen = String(output.output ?? "").length
+              const saved = Math.max(0, outputLen - promptBytes)
+              if (saved > 0) addBytes(saved)
+            })
+        } else {
+          const outputLen = String(output.output ?? "").length
+          const saved = Math.max(0, outputLen - promptBytes)
+          if (saved > 0) addBytes(saved)
+        }
       }
     },
-  }
-}) satisfies Plugin
+  }
+}) satisfies Plugin

package/mcp-guidance.md

@@ -1,16 +1,19 @@
-## Raven search/fetch guidance
-
-Do not call grep, glob, WebFetch/fetch, websearch, Context7, Exa, Grep.app, or search-like bash discovery commands directly.
-
-Use `raven_seek(query="...")` as the next tool call for ALL search/fetch/research tasks:
-
-- local codebase search
-- filesystem discovery
-- reading a specific URL or webpage
-- web search and current information
-- docs/library/API lookup
-- public GitHub examples
-- command-output or local system inspection that would otherwise use grep/rg/head over command output
+## Raven tool/MCP routing guidance
+
+Do not call tools or MCPs that Raven blocks directly. Raven may route search/fetch tools, docs/web/GitHub MCPs, or user-configured tools/MCP prefixes through `raven_seek` to save context.
+
+Use `raven_seek(query="...")` as the next tool call for blocked tool/MCP requests. Include the original tool/MCP name, intent, and relevant arguments.
+
+Raven commonly handles:
+
+- local codebase search
+- filesystem discovery
+- reading a specific URL or webpage
+- web search and current information
+- docs/library/API lookup
+- public GitHub examples
+- user-configured MCP requests
+- command-output or local system inspection that would otherwise use grep/rg/head over command output
 
 Examples:
 
@@ -18,6 +21,8 @@ Examples:
 
 `raven_seek(query="Fetch/read https://example.com and summarize the install instructions")`
 
-`raven_seek(query="Check whether archivemount/libarchive supports ISO or UDF. Use docs, web, or command output as needed.")`
-
-Simple piped output filters like `command | grep ...`, `command | rg ...`, `command | findstr ...`, or `command | head ...` are allowed when they only filter bounded output from the immediately preceding command.
+`raven_seek(query="Check whether archivemount/libarchive supports ISO or UDF. Use docs, web, or command output as needed.")`
+
+`raven_seek(query="Use the Linear MCP to find open bugs assigned to me and summarize the top 3")`
+
+Simple piped output filters like `command | grep ...`, `command | rg ...`, `command | findstr ...`, or `command | head ...` are allowed when they only filter bounded output from the immediately preceding command.

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "opencode-raven",
-  "version": "1.2.7",
-  "description": "Search-first subagent for opencode — intercepts search tools and routes them through a hidden Raven agent with Context7, Exa AI, and Grep.app MCPs",
+  "version": "2.0.0",
+  "description": "Hard tool/MCP rerouter for opencode — blocks configured tools and routes them through a Raven agent to reduce context flooding",
   "main": "./index.ts",
   "exports": {
     ".": "./index.ts"
@@ -18,6 +18,8 @@
     "opencode",
     "opencode-plugin",
     "search",
+    "router",
+    "reroute",
     "subagent",
     "mcp",
     "context7",