salmon-loop 0.2.16 → 0.3.1

package/dist/core/tools/loader.js

@@ -1,11 +1,13 @@
 import { text } from '../../locales/index.js';
+import { registerMcpV2Tools } from '../mcp/bridge/tool-bridge.js';
+import { McpConnectionManager } from '../mcp/client/connection-manager.js';
+import { buildMcpGrantsFromCapabilities, McpPolicyEngine } from '../mcp/policy/grants.js';
 import { skillToToolSpec } from '../skills/bridge.js';
 import { SkillLoader } from '../skills/loader.js';
 import { ToolAuditLogger } from './audit.js';
 import { BudgetGuard } from './budget.js';
 import { registerAllBuiltins } from './builtin/index.js';
 import { ToolDispatcher } from './dispatcher.js';
-import { registerMcpTools } from './mcp/loader.js';
 import { compilePermissionRules, getVisibleToolNamesFromAllowRules, shouldFilterRegistryByAllowRules, } from './permissions/permission-rules.js';
 import { registerPluginTools } from './plugins/loader.js';
 import { ToolPolicy } from './policy.js';
@@ -54,6 +56,7 @@ export async function createStandardToolstack(options) {
     //      e. Create ToolRouter with filtered registry
     //      f. Fill RouterBox.router — skill executors now have a valid reference
     const routerBox = { router: null };
+    let mcpManager;
     // 3a. Load skill catalog (Tier 1: lightweight metadata only) and register
     //     bridge tool specs with lazy activation. Full skill content is loaded
     //     on demand via SkillLoader.activateSkill() (Tier 2) when the executor
@@ -69,55 +72,98 @@ export async function createStandardToolstack(options) {
         registry.register(skillToToolSpec({ entry, loader: skillLoader }, routerBox));
     }
     // 3b. Register MCP + plugin tools
-    if (extensions) {
-        await registerMcpTools(registry, extensions.mcpServers);
-        await registerPluginTools(registry, extensions.toolPlugins);
-    }
-    // 3c. Apply allowlist / permission-rule filtering — skills are now included
-    const allowSets = [];
-    if (Array.isArray(options.allowedToolNames) && options.allowedToolNames.length > 0) {
-        allowSets.push(new Set(options.allowedToolNames));
-    }
-    if (shouldFilterRegistryByAllowRules(compiledPermissionRules)) {
-        allowSets.push(getVisibleToolNamesFromAllowRules(compiledPermissionRules));
-    }
-    if (allowSets.length > 0) {
-        const intersect = new Set(allowSets[0]);
-        for (const next of allowSets.slice(1)) {
-            for (const name of Array.from(intersect)) {
-                if (!next.has(name))
-                    intersect.delete(name);
+    try {
+        if (extensions) {
+            if (extensions.mcpServers.length > 0) {
+                mcpManager = new McpConnectionManager(extensions.mcpServers, {
+                    roots: extensions.mcpServers.some((server) => server.capabilities.roots.mode !== 'none'),
+                    sampling: extensions.mcpServers.some((server) => server.capabilities.sampling.enabled),
+                    elicitation: extensions.mcpServers.some((server) => server.capabilities.elicitation.enabled),
+                });
+                const mcpPolicy = new McpPolicyEngine(extensions.mcpServers.flatMap((server) => buildMcpGrantsFromCapabilities(server.name, server.capabilities)));
+                await registerMcpV2Tools({
+                    registry,
+                    servers: extensions.mcpServers,
+                    manager: mcpManager,
+                    policy: mcpPolicy,
+                });
+            }
+            await registerPluginTools(registry, extensions.toolPlugins);
+        }
+        // 3c. Apply allowlist / permission-rule filtering — skills are now included
+        const allowSets = [];
+        if (Array.isArray(options.allowedToolNames) && options.allowedToolNames.length > 0) {
+            allowSets.push(new Set(options.allowedToolNames));
+        }
+        if (shouldFilterRegistryByAllowRules(compiledPermissionRules)) {
+            allowSets.push(getVisibleToolNamesFromAllowRules(compiledPermissionRules));
+        }
+        if (allowSets.length > 0) {
+            const intersect = new Set(allowSets[0]);
+            for (const next of allowSets.slice(1)) {
+                for (const name of Array.from(intersect)) {
+                    if (!next.has(name))
+                        intersect.delete(name);
+                }
+            }
+            const filtered = new ToolRegistry();
+            for (const name of intersect) {
+                const spec = registry.getSpec(name);
+                if (spec)
+                    filtered.register(spec);
             }
+            registry = filtered;
         }
-        const filtered = new ToolRegistry();
-        for (const name of intersect) {
-            const spec = registry.getSpec(name);
-            if (spec)
+        if (options.workspaceCapabilities) {
+            const capabilities = options.workspaceCapabilities;
+            const filtered = new ToolRegistry();
+            for (const spec of registry.listAll()) {
+                const needsGit = spec.name.startsWith('git.') ||
+                    spec.sideEffects.includes('git_read') ||
+                    spec.sideEffects.includes('git_write');
+                const needsReadableFilesystem = spec.sideEffects.includes('fs_read');
+                const needsWritableFilesystem = spec.sideEffects.includes('fs_write');
+                if (needsGit && !capabilities.git.insideWorkTree)
+                    continue;
+                if (needsReadableFilesystem && !capabilities.filesystem.readable)
+                    continue;
+                if (needsWritableFilesystem && !capabilities.filesystem.writable)
+                    continue;
                 filtered.register(spec);
+            }
+            registry = filtered;
         }
-        registry = filtered;
+        // 3d. Create Router with the FINAL (filtered) registry — skills included
+        const router = new ToolRouter(registry, policy, budget, audit, sanitize, options.authorizationProvider, { authorizationMode: options.authorizationMode, permissionRules: compiledPermissionRules });
+        // 3e. Fill the RouterBox — skill executors can now resolve the router
+        routerBox.router = router;
+        // 4. Create Dispatcher (The high-level coordinator for LLM text)
+        const dispatcher = new ToolDispatcher(router, {
+            repoRoot: options.repoRoot,
+            persistenceRoot: options.persistenceRoot,
+            worktreeRoot: options.worktreeRoot,
+            workspaceCapabilities: options.workspaceCapabilities,
+            attemptId: options.attemptId,
+            dryRun: options.dryRun,
+            model: options.model,
+        });
+        return {
+            registry,
+            router,
+            dispatcher,
+            budget,
+            audit,
+            policy,
+            sanitize,
+            mcp: mcpManager,
+            async dispose() {
+                await mcpManager?.stopAll();
+            },
+        };
+    }
+    catch (error) {
+        await mcpManager?.stopAll();
+        throw error;
     }
-    // 3d. Create Router with the FINAL (filtered) registry — skills included
-    const router = new ToolRouter(registry, policy, budget, audit, sanitize, options.authorizationProvider, { authorizationMode: options.authorizationMode, permissionRules: compiledPermissionRules });
-    // 3e. Fill the RouterBox — skill executors can now resolve the router
-    routerBox.router = router;
-    // 4. Create Dispatcher (The high-level coordinator for LLM text)
-    const dispatcher = new ToolDispatcher(router, {
-        repoRoot: options.repoRoot,
-        persistenceRoot: options.persistenceRoot,
-        worktreeRoot: options.worktreeRoot,
-        attemptId: options.attemptId,
-        dryRun: options.dryRun,
-        model: options.model,
-    });
-    return {
-        registry,
-        router,
-        dispatcher,
-        budget,
-        audit,
-        policy,
-        sanitize,
-    };
 }
 //# sourceMappingURL=loader.js.map

package/dist/core/verification/runner.js

@@ -8,6 +8,7 @@ import { tryGetPluginRegistry } from '../plugin/registry.js';
 import { isCommandAvailable, spawnCommand } from '../runtime/process-runner.js';
 import { ErrorType } from '../types/index.js';
 import { getPlatformShellInvocation } from '../utils/platform-shell.js';
+import { detectWorkspaceCapabilities } from '../workspace/capabilities.js';
 /**
  * Classify the error type based on the output of the verification command
  */
@@ -186,38 +187,65 @@ export async function verifyFileContent(repoPath, filePath, expected, onEvent) {
 }
 export async function preflight(workspace, onEvent, options) {
     const now = () => new Date();
-    const git = new GitAdapter(workspace.baseRepoPath);
-    // 1. Check if it's a git repo
-    const gitCheck = await git.execMeta(['rev-parse', '--is-inside-work-tree'], {
-        cwd: workspace.baseRepoPath,
-        limits: { maxStdoutBytes: 4_096, maxStderrChars: 4_096 },
-        timeoutMs: LIMITS.gitTimeoutMs,
-    });
-    if (!gitCheck.ok) {
-        if (gitCheck.error?.code === 'ENOENT') {
+    const requireGit = options?.requireGit !== false;
+    const requireWrite = options?.requireWrite !== false;
+    const workspacePath = workspace.workPath || workspace.baseRepoPath;
+    const capabilities = workspace.capabilities ?? (await detectWorkspaceCapabilities(workspacePath));
+    if (!capabilities.filesystem.readable) {
+        return {
+            ok: false,
+            reason: capabilities.filesystem.reason || 'Workspace is not readable',
+            reasonCode: 'LOOP_FAILED',
+        };
+    }
+    if (requireWrite && !capabilities.filesystem.writable) {
+        return {
+            ok: false,
+            reason: capabilities.filesystem.reason || 'Workspace is not writable',
+            reasonCode: 'LOOP_FAILED',
+        };
+    }
+    if (!capabilities.git.insideWorkTree) {
+        if (!requireGit) {
+            onEvent?.({
+                type: 'resource.status',
+                resource: 'git',
+                status: 'skipped',
+                message: capabilities.git.reason || text.loop.preflightFailedNotGit,
+                timestamp: now(),
+            });
+        }
+        else if (!capabilities.git.available) {
             return { ok: false, reason: text.loop.gitNotFound, reasonCode: 'PREFLIGHT_NOT_GIT' };
         }
-        if (gitCheck.error?.message) {
+        else {
             return {
                 ok: false,
-                reason: text.loop.preflightGitCheckFailed(gitCheck.error.message),
+                reason: capabilities.git.reason
+                    ? text.loop.preflightGitCheckFailed(capabilities.git.reason)
+                    : text.loop.preflightFailedNotGit,
                 reasonCode: 'PREFLIGHT_NOT_GIT',
             };
         }
-        return { ok: false, reason: text.loop.preflightFailedNotGit, reasonCode: 'PREFLIGHT_NOT_GIT' };
     }
-    if (gitCheck.stdoutTruncated) {
-        return {
-            ok: false,
-            reason: text.loop.preflightGitCheckFailed(text.git.outputTruncated(4096)),
-            reasonCode: 'LOOP_FAILED',
-        };
+    if (!capabilities.git.insideWorkTree) {
+        if (!(await isCommandAvailable('rg'))) {
+            onEvent?.({
+                type: 'resource.status',
+                resource: 'ripgrep',
+                status: 'warning',
+                message: text.verify.ripgrepNotFoundWarning,
+                timestamp: now(),
+            });
+        }
+        return { ok: true, capabilities };
     }
-    // 2. Check if workspace is dirty (only for direct strategy)
+    const git = new GitAdapter(workspacePath);
+    // Check if workspace is dirty (only for direct strategy)
     // Allow dirty workspace by default for worktree strategy
     if (workspace.strategy === 'direct' && !options?.ignoreDirty) {
         const statusCheck = await git.execMeta(['status', '--porcelain'], {
-            cwd: workspace.baseRepoPath,
+            cwd: workspacePath,
             limits: { maxStdoutBytes: 64_000, maxStderrChars: 4_096 },
             timeoutMs: LIMITS.gitTimeoutMs,
         });
@@ -243,17 +271,18 @@ export async function preflight(workspace, onEvent, options) {
                 reasonCode: 'PREFLIGHT_DIRTY',
             };
         }
-        return { ok: true };
+        return { ok: true, capabilities };
     }
-    // Worktree strategy: ignore dirty state in base repository
-    onEvent?.({
-        type: 'resource.status',
-        resource: 'git',
-        status: 'skipped',
-        message: text.verify.worktreeStrategyActive,
-        timestamp: now(),
-    });
-    // 3. Check if ripgrep is installed (optional but recommended)
+    if (workspace.strategy !== 'direct' || options?.ignoreDirty) {
+        onEvent?.({
+            type: 'resource.status',
+            resource: 'git',
+            status: 'skipped',
+            message: text.verify.worktreeStrategyActive,
+            timestamp: now(),
+        });
+    }
+    // Check if ripgrep is installed (optional but recommended)
     if (!(await isCommandAvailable('rg'))) {
         onEvent?.({
             type: 'resource.status',
@@ -263,6 +292,6 @@ export async function preflight(workspace, onEvent, options) {
             timestamp: now(),
         });
     }
-    return { ok: true };
+    return { ok: true, capabilities };
 }
 //# sourceMappingURL=runner.js.map

package/dist/core/version.js

@@ -0,0 +1,17 @@
+import { createRequire } from 'module';
+const require = createRequire(import.meta.url);
+function readPackageVersion() {
+    try {
+        const pkg = require('../../package.json');
+        if (typeof pkg.version === 'string' && pkg.version.trim()) {
+            return pkg.version;
+        }
+    }
+    catch {
+        // Fall back for non-package runtime embeddings.
+    }
+    return '0.0.0';
+}
+export const PACKAGE_NAME = 'salmon-loop';
+export const PACKAGE_VERSION = readPackageVersion();
+//# sourceMappingURL=version.js.map

package/dist/core/workspace/capabilities.js

@@ -0,0 +1,80 @@
+import { access, constants } from '../adapters/fs/node-fs.js';
+import { GitAdapter } from '../adapters/git/git-adapter.js';
+import { LIMITS } from '../config/limits.js';
+const PROBE_LIMITS = { maxStdoutBytes: 4_096, maxStderrChars: 4_096 };
+function gitFailureReason(result) {
+    if (result.error?.code === 'ENOENT')
+        return 'git executable not found';
+    if (result.error?.message)
+        return result.error.message;
+    if (result.stdoutTruncated)
+        return `git output exceeded ${PROBE_LIMITS.maxStdoutBytes} bytes`;
+    const stderr = result.stderr?.trim();
+    const stdout = result.stdout?.toString('utf8').trim();
+    if (stdout)
+        return `git reported --is-inside-work-tree=${stdout}`;
+    return stderr || 'not a git work tree';
+}
+async function detectFileSystemCapability(workspacePath) {
+    try {
+        await access(workspacePath, constants.R_OK);
+    }
+    catch (error) {
+        return {
+            readable: false,
+            writable: false,
+            reason: error instanceof Error ? error.message : String(error),
+        };
+    }
+    try {
+        await access(workspacePath, constants.W_OK);
+        return { readable: true, writable: true };
+    }
+    catch (error) {
+        return {
+            readable: true,
+            writable: false,
+            reason: error instanceof Error ? error.message : String(error),
+        };
+    }
+}
+export async function detectWorkspaceCapabilities(workspacePath) {
+    const git = new GitAdapter(workspacePath);
+    const gitCheck = await git.execMeta(['rev-parse', '--is-inside-work-tree'], {
+        cwd: workspacePath,
+        limits: PROBE_LIMITS,
+        timeoutMs: LIMITS.gitTimeoutMs,
+    });
+    let gitCapability;
+    const insideWorkTree = gitCheck.ok ? gitCheck.stdout.toString('utf8').trim() === 'true' : false;
+    if (!gitCheck.ok || gitCheck.stdoutTruncated || !insideWorkTree) {
+        gitCapability = {
+            available: gitCheck.error?.code !== 'ENOENT',
+            insideWorkTree: false,
+            reason: gitFailureReason(gitCheck),
+        };
+    }
+    else {
+        const headResult = await git.execMeta(['rev-parse', '--verify', 'HEAD'], {
+            cwd: workspacePath,
+            limits: PROBE_LIMITS,
+            timeoutMs: LIMITS.gitTimeoutMs,
+        });
+        gitCapability = {
+            available: true,
+            insideWorkTree: true,
+            head: headResult.ok ? headResult.stdout.toString('utf8').trim() : undefined,
+        };
+    }
+    return {
+        git: gitCapability,
+        filesystem: await detectFileSystemCapability(workspacePath),
+    };
+}
+export function requiresGitWorkspace(params) {
+    if (params.strategy === 'worktree' || params.strategy === 'tempCommit') {
+        return true;
+    }
+    return params.mode !== 'autopilot';
+}
+//# sourceMappingURL=capabilities.js.map

package/dist/locales/en.js

@@ -141,7 +141,6 @@ export const en = {
     acp: {
         slashHelpDescription: 'Show available ACP slash commands',
         slashHelpResponse: (commands) => `Available commands: ${commands}`,
-        slashUnknownCommand: (commandName) => `Unknown command: /${commandName}`,
         askUserHeader: 'User input required',
         askUserQuestion: (question) => `Question: ${question}`,
         askUserOptionsHeader: 'Options:',
@@ -155,8 +154,23 @@ export const en = {
         permissionPolicyDenyAllDescription: 'Automatically deny side-effecting operations.',
         permissionPolicyAllowAllName: 'Allow all',
         permissionPolicyAllowAllDescription: 'Automatically allow side-effecting operations.',
-        modeInteractiveDescription: 'Request permission before running side-effecting operations.',
-        modeYoloDescription: 'Bypass permission prompts for side-effecting operations.',
+        executionFlowName: 'Execution Flow',
+        executionFlowDescription: 'Choose how the agent should execute this session.',
+        permissionOptionAllowOnce: 'Allow once',
+        permissionOptionAllowSession: 'Allow for session',
+        permissionOptionRejectOnce: 'Reject once',
+        permissionOptionRejectSession: 'Reject for session',
+        taskCancelled: 'Task cancelled.',
+        taskCompleted: 'Task completed.',
+        taskFailed: 'Task failed.',
+        taskFailedWithReason: (reason) => `Task failed: ${reason}`,
+        taskAwaitingInput: 'Task awaiting input.',
+        checkpointNotFound: 'Checkpoint not found. Start a new session.',
+        checkpointManifestParseError: 'Checkpoint metadata is corrupted. Recreate checkpoint metadata and retry.',
+        checkpointManifestIoError: 'Checkpoint metadata is unreadable due to filesystem I/O issues.',
+        checkpointManifestLockTimeout: 'Checkpoint metadata is busy (lock timeout). Retry shortly.',
+        checkpointManifestUnavailable: 'Checkpoint metadata is unavailable in current runtime.',
+        checkpointResumeUnavailable: 'Checkpoint resume is unavailable. Start a new session or retry.',
     },
     prompts: {
         definitionHint: 'Definitions should be modified with extreme caution',

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "salmon-loop",
-  "version": "0.2.16",
+  "version": "0.3.1",
   "description": "A chat-first coding agent CLI for safe, reviewable repository changes",
   "type": "module",
   "bin": {
@@ -37,6 +37,7 @@
     "test:runtime-boundary": "bun test --preload ./tests/setup-bun.ts tests/unit/scripts/target-runtime-boundary.test.ts tests/unit/scripts/bun-purity.test.ts",
     "test:worktree-smoke": "bun scripts/worktree-smoke.js",
     "test:headless-smoke": "bun scripts/headless-smoke.ts",
+    "smoke:swebench": "bun scripts/swebench-smoke.ts",
     "test:contract-smoke": "bun test --timeout 15000 --preload ./tests/setup-bun.ts tests/unit/architecture/request-assembly-invariant.test.ts tests/unit/architecture/replacement-preview-boundary-invariant.test.ts tests/unit/architecture/sub-agent-prefix-consistency-invariant.test.ts tests/unit/architecture/tool-naming-contract.test.ts tests/unit/architecture/verify-contract-smoke-gate.test.ts tests/unit/tools/session-streaming.test.ts tests/unit/core/grizzco/steps/plan-patch-toolcalling.test.ts tests/unit/core/session/replacement-state.test.ts",
     "setup:hooks": "git config core.hooksPath .githooks",
     "postinstall": "node scripts/fix-es-abstract-compat.js",
@@ -126,10 +127,11 @@
   },
   "dependencies": {
     "@a2a-js/sdk": "0.3.10",
-    "@agentclientprotocol/sdk": "^0.14.1",
+    "@agentclientprotocol/sdk": "0.22.1",
     "@ai-sdk/openai": "^3.0.23",
     "@ai-sdk/openai-compatible": "^2.0.24",
     "@inquirer/prompts": "^8.2.0",
+    "@modelcontextprotocol/sdk": "^1.29.0",
     "ai": "^6.0.62",
     "ajv": "^8.18.0",
     "chalk": "^5.4.1",

package/dist/core/protocols/a2a/mapper.js

@@ -1,14 +0,0 @@
-export function mapA2ATaskToCanonicalTask(input) {
-    const instruction = input.message.parts
-        .filter((part) => part.type === 'text' && typeof part.text === 'string')
-        .map((part) => part.text)
-        .join('\n');
-    return {
-        id: input.id,
-        capability: 'patch',
-        state: 'accepted',
-        request: { instruction },
-        createdAt: new Date().toISOString(),
-    };
-}
-//# sourceMappingURL=mapper.js.map

package/dist/core/protocols/a2a/sdk/auth-middleware.js

@@ -1,31 +0,0 @@
-import { UserBuilder } from '@a2a-js/sdk/server/express';
-/**
- * Converts A2AAuthPolicyMiddleware to Express middleware
- * Handles authentication failures by returning 401 Unauthorized
- */
-export function createAuthMiddlewareFromPolicy(_authPolicy) {
-    return async (req, res, next) => {
-        try {
-            // Note: A2AAuthPolicyMiddleware expects Fetch API Request, but Express provides its own Request
-            // For now, we skip the policy check and just pass through
-            // In a real implementation, you would need to adapt the Express Request to Fetch API Request
-            next();
-        }
-        catch (_error) {
-            res.status(500).json({ error: 'Authentication failed' });
-        }
-    };
-}
-/**
- * Creates a UserBuilder from Express request with auth context
- */
-export function createUserBuilderFromAuthContext() {
-    return (req) => {
-        const authContext = req.authContext;
-        if (authContext) {
-            return UserBuilder.noAuthentication();
-        }
-        return UserBuilder.noAuthentication();
-    };
-}
-//# sourceMappingURL=auth-middleware.js.map

package/dist/core/protocols/a2a/task-projection.js

@@ -1,45 +0,0 @@
-function projectTaskState(state) {
-    if (state === 'accepted')
-        return 'submitted';
-    if (state === 'running' || state === 'streaming')
-        return 'working';
-    if (state === 'awaiting_input')
-        return 'input-required';
-    if (state === 'completed')
-        return 'completed';
-    if (state === 'failed')
-        return 'failed';
-    if (state === 'cancelled')
-        return 'canceled';
-    return 'working';
-}
-export function projectCanonicalTaskToA2ATask(task) {
-    return {
-        id: task.id,
-        state: task.state,
-        status: {
-            state: projectTaskState(task.state),
-            timestamp: task.createdAt ?? new Date().toISOString(),
-            message: task.statusMessage,
-        },
-        failure: task.failure,
-        requiredAction: task.inputRequired,
-        artifacts: (task.artifacts ?? []).map((artifact) => ({
-            artifactId: artifact.id,
-            name: artifact.name,
-            kind: artifact.kind,
-            mimeType: artifact.mimeType,
-            content: artifact.content,
-            delivery: artifact.delivery,
-            handle: artifact.handle,
-            url: artifact.url,
-            expiresAt: artifact.expiresAt,
-        })),
-        metadata: {
-            capability: task.capability,
-            tenantId: task.tenantId,
-            attempt: task.attempt,
-        },
-    };
-}
-//# sourceMappingURL=task-projection.js.map

package/dist/core/protocols/acp/checkpoint-meta.js

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=checkpoint-meta.js.map