triflux 9.5.1 → 9.7.0

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "triflux",
-  "version": "9.5.1",
+  "version": "9.7.0",
   "description": "CLI-first multi-model orchestrator for Claude Code — route tasks to Codex, Gemini, and Claude",
   "author": {
     "name": "tellang"

package/bin/triflux.mjs

@@ -12,6 +12,14 @@ import { forceCleanupTeam } from "../hub/team/nativeProxy.mjs";
 import { cleanupStaleOmcTeams, inspectStaleOmcTeams } from "../hub/team/staleState.mjs";
 import { getPipelineStateDbPath } from "../hub/pipeline/state.mjs";
 import { ensureGeminiProfiles } from "../scripts/lib/gemini-profiles.mjs";
+import {
+  addRegistryServer,
+  inspectRegistry,
+  inspectRegistryStatus,
+  removeRegistryServer,
+  removeServerFromTargets,
+  syncRegistryTargets,
+} from "../scripts/lib/mcp-guard-engine.mjs";
 import {
   SYNC_MAP, SKILL_ALIASES, REQUIRED_CODEX_PROFILES, LEGACY_CODEX_MODELS,
   syncAliasedSkillDir, hasProfileSection, replaceProfileSection,
@@ -113,6 +121,31 @@ const CLI_COMMAND_SCHEMAS = Object.freeze({
       toggle: "특정 훅 활성/비활성 토글: hooks toggle <hookId>",
     },
   },
+  mcp: {
+    usage: "tfx mcp <list|sync|add|remove> [--json]",
+    description: "MCP registry 상태 확인 및 중앙 동기화",
+    subcommands: {
+      list: {
+        usage: "tfx mcp list [--json]",
+        options: [{ name: "--json", type: "boolean", description: "registry + 실제 설정 상태를 JSON으로 출력" }],
+      },
+      sync: {
+        usage: "tfx mcp sync [--json]",
+        options: [{ name: "--json", type: "boolean", description: "동기화 결과를 JSON으로 출력" }],
+      },
+      add: {
+        usage: "tfx mcp add <name> --url <url> [--json]",
+        options: [
+          { name: "--url", type: "string", description: "등록할 MCP URL" },
+          { name: "--json", type: "boolean", description: "등록 결과를 JSON으로 출력" },
+        ],
+      },
+      remove: {
+        usage: "tfx mcp remove <name> [--json]",
+        options: [{ name: "--json", type: "boolean", description: "제거 결과를 JSON으로 출력" }],
+      },
+    },
+  },
   hub: {
     usage: "tfx hub <start|stop|status> [--port N] [--json]",
     description: "tfx-hub 프로세스 제어",
@@ -908,6 +941,104 @@ function addDoctorCheck(report, entry) {
   report.checks.push(entry);
 }
 
+function formatPathForDisplay(filePath) {
+  const value = String(filePath || "").replace(/\\/g, "/");
+  const homePath = homedir().replace(/\\/g, "/");
+  return value.startsWith(homePath) ? `~${value.slice(homePath.length)}` : value;
+}
+
+function renderTable(headers, rows) {
+  if (!rows.length) return;
+  const widths = headers.map((header, index) => {
+    const cellWidths = rows.map((row) => stripAnsi(String(row[index] ?? "")).length);
+    return Math.max(stripAnsi(header).length, ...cellWidths);
+  });
+
+  const padCell = (cell, width) => {
+    const text = String(cell ?? "");
+    return text + " ".repeat(Math.max(0, width - stripAnsi(text).length));
+  };
+  const formatRow = (row) => row.map((cell, index) => padCell(cell, widths[index])).join("  ");
+  console.log(`    ${formatRow(headers)}`);
+  console.log(`    ${widths.map((width) => "─".repeat(width)).join("  ")}`);
+  for (const row of rows) {
+    console.log(`    ${formatRow(row)}`);
+  }
+}
+
+function getOptionValue(args, optionName) {
+  const index = args.indexOf(optionName);
+  if (index === -1) return null;
+  return args[index + 1] ?? null;
+}
+
+function statusBadge(status) {
+  switch (status) {
+    case "present":
+    case "ok":
+    case "removed":
+      return `${GREEN_BRIGHT}${status}${RESET}`;
+    case "updated":
+      return `${AMBER}${status}${RESET}`;
+    case "missing":
+    case "missing-file":
+    case "warning":
+      return `${YELLOW}${status}${RESET}`;
+    case "mismatch":
+    case "invalid":
+    case "invalid-config":
+      return `${RED_BRIGHT}${status}${RESET}`;
+    default:
+      return status;
+  }
+}
+
+function buildMcpStatusRows(statusInfo) {
+  const registryRows = statusInfo.rows
+    .filter((row) => row.type === "registry")
+    .map((row) => {
+      let detail = "";
+      if (row.status === "present") detail = row.actualUrl || row.expectedUrl;
+      else if (row.status === "missing") detail = "registry only";
+      else if (row.status === "missing-file") detail = "config missing";
+      else if (row.status === "mismatch") detail = `expected ${row.expectedUrl}`;
+      else if (row.status === "invalid-config") detail = "parse error";
+      else if (row.status === "stdio") detail = "configured as stdio";
+      return [row.name, row.label, statusBadge(row.status), formatPathForDisplay(row.filePath), detail];
+    });
+
+  const stdioRows = statusInfo.rows
+    .filter((row) => row.type === "stdio")
+    .map((row) => [
+      row.name,
+      row.label,
+      statusBadge("warning"),
+      formatPathForDisplay(row.filePath),
+      row.command ? `stdio: ${row.command}` : "stdio MCP",
+    ]);
+
+  return [...registryRows, ...stdioRows];
+}
+
+function ensureValidRegistryState() {
+  const registryState = inspectRegistry();
+  if (!registryState.exists) {
+    throw createCliError(`MCP registry missing: ${registryState.path}`, {
+      exitCode: EXIT_CONFIG_ERROR,
+      reason: "configError",
+      fix: "config/mcp-registry.json을 복원하거나 `tfx mcp add <name> --url <url>`로 다시 생성하세요.",
+    });
+  }
+  if (!registryState.valid) {
+    throw createCliError(`MCP registry invalid: ${registryState.errors.join("; ")}`, {
+      exitCode: EXIT_CONFIG_ERROR,
+      reason: "configError",
+      fix: `${registryState.path}의 JSON 구조를 수정하세요.`,
+    });
+  }
+  return registryState;
+}
+
 async function cmdDoctor(options = {}) {
   const { fix = false, reset = false, json = false } = options;
   const report = {
@@ -1081,6 +1212,25 @@ async function cmdDoctor(options = {}) {
     } catch {
       warn("웜업 캐시 자동 복구 실패");
     }
+    const registryStateForFix = inspectRegistry();
+    if (registryStateForFix.valid) {
+      try {
+        const mcpSync = syncRegistryTargets({ registry: registryStateForFix.registry });
+        const updatedCount = mcpSync.actions.filter((action) => action.status === "updated").length;
+        const invalidCount = mcpSync.actions.filter((action) => action.status === "invalid-config").length;
+        report.actions.push({ type: "mcp-sync", status: invalidCount > 0 ? "issues" : "ok", actions: mcpSync.actions });
+        if (updatedCount > 0) ok(`MCP registry 동기화: ${updatedCount}개 설정 반영됨`);
+        else info("MCP registry: 이미 최신 상태");
+        if (invalidCount > 0) warn(`MCP registry 동기화 건너뜀: parse error ${invalidCount}개`);
+      } catch (error) {
+        report.actions.push({ type: "mcp-sync", status: "failed", message: error.message });
+        warn(`MCP registry 자동 동기화 실패: ${error.message}`);
+      }
+    } else if (registryStateForFix.exists) {
+      warn("MCP registry invalid — auto sync 건너뜀");
+    } else {
+      info("MCP registry 없음 — auto sync 건너뜀");
+    }
     console.log(`\n  ${LINE}`);
     info("수정 완료 — 아래 진단 결과를 확인하세요");
     console.log("");
@@ -1766,6 +1916,181 @@ async function cmdDoctor(options = {}) {
     ok("잔존 팀 없음");
   }
 
+  // ── Docs 동기화 상태 ──
+  section("Docs Sync");
+  {
+    const docsDirs = ["docs/design", "docs/research"];
+    const missingDocs = [];
+    for (const dir of docsDirs) {
+      const src = join(PKG_ROOT, dir);
+      const dest = join(CLAUDE_DIR, dir);
+      if (existsSync(src)) {
+        const srcFiles = readdirSync(src).filter(f => f.endsWith(".md"));
+        if (!existsSync(dest)) {
+          missingDocs.push({ dir, missing: srcFiles.length, detail: "디렉토리 없음" });
+        } else {
+          const destFiles = readdirSync(dest).filter(f => f.endsWith(".md"));
+          const missing = srcFiles.filter(f => !destFiles.includes(f));
+          if (missing.length > 0) missingDocs.push({ dir, missing: missing.length, detail: missing.join(", ") });
+        }
+      }
+    }
+    if (missingDocs.length === 0) {
+      addDoctorCheck(report, { name: "docs-sync", status: "ok" });
+      ok("레퍼런스 문서 동기화 정상");
+    } else {
+      addDoctorCheck(report, { name: "docs-sync", status: "issues", missingDocs, fix: "tfx setup" });
+      warn(`${missingDocs.reduce((s, d) => s + d.missing, 0)}개 레퍼런스 미동기화`);
+      for (const d of missingDocs) info(`${d.dir}: ${d.detail}`);
+      if (fix) {
+        for (const dir of docsDirs) {
+          const src = join(PKG_ROOT, dir);
+          const dest = join(CLAUDE_DIR, dir);
+          if (existsSync(src)) {
+            mkdirSync(dest, { recursive: true });
+            for (const f of readdirSync(src).filter(f => f.endsWith(".md"))) {
+              copyFileSync(join(src, f), join(dest, f));
+            }
+          }
+        }
+        ok("레퍼런스 동기화 완료");
+      } else {
+        issues += missingDocs.length;
+      }
+    }
+  }
+
+  // ── MCP 중앙 레지스트리 ──
+  section("MCP Registry");
+  {
+    const registryState = inspectRegistry();
+    if (!registryState.exists) {
+      addDoctorCheck(report, {
+        name: "mcp-registry",
+        status: "missing",
+        path: registryState.path,
+        fix: "config/mcp-registry.json을 복원하거나 `tfx mcp add <name> --url <url>`를 실행하세요.",
+      });
+      warn("mcp-registry.json 없음");
+      info(`path: ${registryState.path}`);
+      issues++;
+    } else if (!registryState.valid) {
+      addDoctorCheck(report, {
+        name: "mcp-registry",
+        status: "invalid",
+        path: registryState.path,
+        errors: registryState.errors,
+        fix: "config/mcp-registry.json 구조를 수정하세요.",
+      });
+      fail("mcp-registry.json invalid");
+      for (const entry of registryState.errors) info(entry);
+      issues++;
+    } else {
+      const statusInfo = inspectRegistryStatus(registryState.registry);
+      const invalidConfigs = statusInfo.configs.filter((config) => config.parseError);
+      const mismatchRows = statusInfo.rows.filter((row) => row.type === "registry" && row.status === "mismatch");
+      const missingRows = statusInfo.rows.filter((row) => row.type === "registry" && row.status === "missing");
+      const missingFileRows = statusInfo.rows.filter((row) => row.type === "registry" && row.status === "missing-file");
+      const stdioRows = statusInfo.rows.filter((row) => row.type === "stdio");
+      const hasHardIssues = invalidConfigs.length > 0 || mismatchRows.length > 0;
+      const status = hasHardIssues
+        ? "issues"
+        : stdioRows.length > 0
+          ? "warning"
+          : "ok";
+
+      addDoctorCheck(report, {
+        name: "mcp-registry",
+        status,
+        path: registryState.path,
+        server_count: Object.keys(registryState.registry.servers || {}).length,
+        rows: statusInfo.rows,
+        invalid_configs: invalidConfigs.map((config) => ({
+          file: config.filePath,
+          error: config.parseError?.message || "parse error",
+        })),
+        ...(stdioRows.length > 0 ? { fix: "tfx doctor --fix 또는 tfx mcp sync" } : {}),
+      });
+
+      ok(`registry 정상 (${Object.keys(registryState.registry.servers || {}).length}개 server)`);
+
+      if (statusInfo.rows.length > 0) {
+        renderTable(
+          ["server", "target", "status", "config", "detail"],
+          buildMcpStatusRows(statusInfo),
+        );
+      } else {
+        info("등록된 MCP server 없음");
+      }
+
+      for (const config of invalidConfigs) {
+        fail(`${config.label}: 설정 파싱 실패`);
+        info(`${formatPathForDisplay(config.filePath)} — ${config.parseError.message}`);
+      }
+
+      for (const row of mismatchRows) {
+        warn(`${row.label}: ${row.name} URL 불일치`);
+        info(`expected ${row.expectedUrl}`);
+        if (row.actualUrl) info(`actual   ${row.actualUrl}`);
+      }
+
+      for (const row of missingFileRows) {
+        info(`${row.label}: ${row.name} 미배치 (${formatPathForDisplay(row.filePath)})`);
+      }
+
+      for (const row of missingRows) {
+        info(`${row.label}: ${row.name} 누락`);
+      }
+
+      if (stdioRows.length === 0) {
+        ok("미등록 stdio MCP 없음");
+      } else {
+        warn(`${stdioRows.length}개 미등록 stdio MCP 감지`);
+        for (const row of stdioRows) {
+          info(`${row.label}: ${row.name}${row.command ? ` (${row.command})` : ""}`);
+        }
+      }
+
+      issues += invalidConfigs.length;
+      issues += mismatchRows.length;
+      issues += stdioRows.length;
+    }
+  }
+
+  // ── Route Script 정합성 ──
+  section("Route Script Sync");
+  {
+    const srcRoute = join(PKG_ROOT, "scripts", "tfx-route.sh");
+    const destRoute = join(CLAUDE_DIR, "scripts", "tfx-route.sh");
+    if (existsSync(srcRoute) && existsSync(destRoute)) {
+      const srcHash = readFileSync(srcRoute, "utf8").length;
+      const destHash = readFileSync(destRoute, "utf8").length;
+      const srcContent = readFileSync(srcRoute, "utf8");
+      const destContent = readFileSync(destRoute, "utf8");
+      if (srcContent === destContent) {
+        addDoctorCheck(report, { name: "route-sync", status: "ok" });
+        ok("프로젝트 소스와 설치본 일치");
+      } else {
+        addDoctorCheck(report, { name: "route-sync", status: "issues", fix: "tfx setup" });
+        warn("tfx-route.sh 프로젝트 소스와 설치본 불일치");
+        info(`소스: ${srcRoute} (${srcHash}B) / 설치: ${destRoute} (${destHash}B)`);
+        if (fix) {
+          copyFileSync(srcRoute, destRoute);
+          ok("tfx-route.sh 동기화 완료");
+        } else {
+          issues++;
+        }
+      }
+    } else if (existsSync(srcRoute) && !existsSync(destRoute)) {
+      addDoctorCheck(report, { name: "route-sync", status: "missing", fix: "tfx setup" });
+      fail("설치본 없음");
+      issues++;
+    } else {
+      addDoctorCheck(report, { name: "route-sync", status: "ok" });
+      ok("소스 없음 (npm 패키지 모드)");
+    }
+  }
+
   // 결과
   console.log(`\n  ${LINE}`);
   if (issues === 0) {
@@ -2089,6 +2414,175 @@ function cmdSchema(args = []) {
   });
 }
 
+function cmdMcp(args = [], options = {}) {
+  const { json = false } = options;
+  const sub = String(args[0] || "list").trim().toLowerCase();
+
+  if (sub === "help" || sub === "--help" || sub === "-h") {
+    console.log(`
+  ${AMBER}${BOLD}⬡ tfx mcp${RESET}
+
+    ${WHITE_BRIGHT}tfx mcp list${RESET}                 ${GRAY}registry + 실제 설정 상태 테이블${RESET}
+    ${WHITE_BRIGHT}tfx mcp sync${RESET}                 ${GRAY}registry 기준 전체 스캔 + 치환${RESET}
+    ${WHITE_BRIGHT}tfx mcp add <name> --url <url>${RESET}    ${GRAY}registry 등록 + 대상 설정 반영${RESET}
+    ${WHITE_BRIGHT}tfx mcp remove <name>${RESET}        ${GRAY}registry + 실제 설정에서 제거${RESET}
+`);
+    return;
+  }
+
+  switch (sub) {
+    case "list": {
+      const registryState = ensureValidRegistryState();
+      const statusInfo = inspectRegistryStatus(registryState.registry);
+      if (json) {
+        printJson({
+          registry_path: registryState.path,
+          server_count: Object.keys(registryState.registry.servers || {}).length,
+          rows: statusInfo.rows,
+          configs: statusInfo.configs.map((config) => ({
+            file: config.filePath,
+            label: config.label,
+            exists: config.exists,
+            parse_error: config.parseError?.message || null,
+          })),
+        });
+        return;
+      }
+
+      console.log(`\n  ${AMBER}${BOLD}⬡ triflux mcp${RESET} ${VER}\n`);
+      console.log(`  ${LINE}`);
+      section("Registry");
+      info(formatPathForDisplay(registryState.path));
+      ok(`${Object.keys(registryState.registry.servers || {}).length}개 server 등록됨`);
+      if (statusInfo.rows.length === 0) {
+        info("표시할 MCP 상태 없음");
+      } else {
+        renderTable(
+          ["server", "target", "status", "config", "detail"],
+          buildMcpStatusRows(statusInfo),
+        );
+      }
+      console.log("");
+      return;
+    }
+
+    case "sync": {
+      const registryState = ensureValidRegistryState();
+      const result = syncRegistryTargets({ registry: registryState.registry });
+      if (json) {
+        printJson({
+          registry_path: registryState.path,
+          actions: result.actions,
+        });
+        return;
+      }
+
+      console.log(`\n  ${AMBER}${BOLD}⬡ triflux mcp sync${RESET} ${VER}\n`);
+      console.log(`  ${LINE}`);
+      section("Actions");
+      for (const action of result.actions) {
+        const label = `${action.label} ${DIM}(${formatPathForDisplay(action.filePath)})${RESET}`;
+        if (action.status === "updated") ok(`${label} → updated`);
+        else if (action.status === "warning") warn(`${label} → warning`);
+        else if (action.status === "invalid-config") fail(`${label} → invalid-config`);
+        else info(`${stripAnsi(label)} → ${action.status}`);
+      }
+      console.log("");
+      return;
+    }
+
+    case "add": {
+      const name = String(args[1] || "").trim();
+      const url = getOptionValue(args, "--url");
+      if (!name) {
+        throw createCliError("MCP server name is required", {
+          exitCode: EXIT_ARG_ERROR,
+          reason: "argError",
+          fix: "tfx mcp add <name> --url <url>",
+        });
+      }
+      if (!url) {
+        throw createCliError("MCP server url is required", {
+          exitCode: EXIT_ARG_ERROR,
+          reason: "argError",
+          fix: "tfx mcp add <name> --url <url>",
+        });
+      }
+
+      const normalizedUrl = (() => {
+        try { return new URL(url).toString(); } catch {
+          throw createCliError(`Invalid MCP URL: ${url}`, {
+            exitCode: EXIT_ARG_ERROR,
+            reason: "argError",
+            fix: "http:// 또는 https:// URL을 사용하세요.",
+          });
+        }
+      })();
+
+      const server = addRegistryServer(name, normalizedUrl);
+      const registryState = ensureValidRegistryState();
+      const syncResult = syncRegistryTargets({ registry: registryState.registry });
+      if (json) {
+        printJson({
+          name,
+          server,
+          actions: syncResult.actions,
+        });
+        return;
+      }
+
+      console.log(`\n  ${AMBER}${BOLD}⬡ triflux mcp add${RESET} ${VER}\n`);
+      console.log(`  ${LINE}`);
+      ok(`${name} 등록됨`);
+      info(normalizedUrl);
+      const updated = syncResult.actions.filter((action) => action.status === "updated").length;
+      info(`동기화 반영: ${updated}개`);
+      console.log("");
+      return;
+    }
+
+    case "remove": {
+      const name = String(args[1] || "").trim();
+      if (!name) {
+        throw createCliError("MCP server name is required", {
+          exitCode: EXIT_ARG_ERROR,
+          reason: "argError",
+          fix: "tfx mcp remove <name>",
+        });
+      }
+
+      ensureValidRegistryState();
+      const removed = removeRegistryServer(name);
+      const cleanup = removeServerFromTargets(name, { targets: removed?.targets });
+      if (json) {
+        printJson({
+          name,
+          removed: Boolean(removed),
+          server: removed,
+          actions: cleanup.actions,
+        });
+        return;
+      }
+
+      console.log(`\n  ${AMBER}${BOLD}⬡ triflux mcp remove${RESET} ${VER}\n`);
+      console.log(`  ${LINE}`);
+      if (removed) ok(`${name} registry에서 제거됨`);
+      else warn(`${name} registry entry 없음`);
+      const changed = cleanup.actions.filter((action) => action.status === "removed").length;
+      info(`설정 제거 반영: ${changed}개`);
+      console.log("");
+      return;
+    }
+
+    default:
+      throw createCliError(`알 수 없는 mcp 서브커맨드: ${sub}`, {
+        exitCode: EXIT_ARG_ERROR,
+        reason: "argError",
+        fix: "tfx mcp help",
+      });
+  }
+}
+
 function checkForUpdate() {
   const cacheFile = join(CLAUDE_DIR, "cache", "triflux-update-check.json");
   const cacheDir = dirname(cacheFile);
@@ -2141,6 +2635,7 @@ ${updateNotice}
     ${DIM}  --fix${RESET}        ${GRAY}진단 + 자동 수정${RESET}
     ${DIM}  --reset${RESET}      ${GRAY}캐시 전체 초기화${RESET}
     ${DIM}  --json${RESET}       ${GRAY}구조화된 진단 결과 JSON 출력${RESET}
+    ${WHITE_BRIGHT}tfx mcp${RESET}        ${GRAY}MCP registry 관리 (list/sync/add/remove)${RESET}
     ${WHITE_BRIGHT}tfx update${RESET}     ${GRAY}최신 안정 버전으로 업데이트${RESET}
     ${DIM}  --dev / dev${RESET}   ${GRAY}dev 태그로 업데이트${RESET}
     ${WHITE_BRIGHT}tfx list${RESET}       ${GRAY}설치된 스킬 목록${RESET}
@@ -2643,6 +3138,9 @@ async function main() {
       await cmdDoctor({ fix, reset, json: JSON_OUTPUT });
       return;
     }
+    case "mcp":
+      cmdMcp(cmdArgs, { json: JSON_OUTPUT });
+      return;
     case "schema":
       cmdSchema(cmdArgs);
       return;

package/hooks/hook-registry.json

@@ -65,6 +65,17 @@
         "timeout": 3,
         "blocking": false,
         "description": "파일 수정 추적 → 교차 리뷰 nudge"
+      },
+      {
+        "id": "tfx-mcp-config-watcher",
+        "source": "triflux",
+        "matcher": "Edit|Write",
+        "command": "node \"${PLUGIN_ROOT}/hooks/mcp-config-watcher.mjs\"",
+        "priority": 1,
+        "enabled": true,
+        "timeout": 3,
+        "blocking": false,
+        "description": "감시 대상 MCP 설정 변경 감지 → stdio MCP 자동 치환"
       }
     ],
     "PostToolUseFailure": [
@@ -105,12 +116,23 @@
         "blocking": false,
         "description": "triflux 환경 초기화"
       },
+      {
+        "id": "tfx-mcp-safety-guard",
+        "source": "triflux",
+        "matcher": "*",
+        "command": "node \"${PLUGIN_ROOT}/scripts/mcp-safety-guard.mjs\"",
+        "priority": 1,
+        "enabled": true,
+        "timeout": 3,
+        "blocking": false,
+        "description": "Gemini stdio MCP 자동 감지 + 제거 (spawn EPERM 방지)"
+      },
       {
         "id": "tfx-hub-ensure",
         "source": "triflux",
         "matcher": "*",
         "command": "node \"${PLUGIN_ROOT}/scripts/hub-ensure.mjs\"",
-        "priority": 1,
+        "priority": 2,
         "enabled": true,
         "timeout": 8,
         "blocking": false,
@@ -121,7 +143,7 @@
         "source": "triflux",
         "matcher": "*",
         "command": "node \"${PLUGIN_ROOT}/scripts/preflight-cache.mjs\"",
-        "priority": 2,
+        "priority": 3,
         "enabled": true,
         "timeout": 5,
         "blocking": false,

package/hooks/mcp-config-watcher.mjs

@@ -0,0 +1,85 @@
+#!/usr/bin/env node
+// hooks/mcp-config-watcher.mjs — PostToolUse:Edit|Write 훅
+//
+// 감시 대상 MCP 설정 파일 변경을 감지해 stdio 서버를 즉시 차단/치환한다.
+// 경로가 watched_paths와 매칭되지 않으면 바로 종료해 일반 편집 성능에 영향이 없도록 한다.
+
+import { readFileSync } from "node:fs";
+import {
+  isWatchedPath,
+  loadRegistry,
+  remediate,
+  scanForStdioServers,
+} from "../scripts/lib/mcp-guard-engine.mjs";
+
+function readStdin() {
+  try {
+    return readFileSync(0, "utf8");
+  } catch {
+    return "";
+  }
+}
+
+function buildSystemMessage(filePath, stdioServers, result) {
+  const lines = [`[mcp-guard] 감시 대상 MCP 설정 변경 감지: ${filePath}`];
+
+  if (result.modified) {
+    const actionLabel = result.replacement ? "자동 치환" : "자동 제거";
+    lines.push(`[mcp-guard] stdio MCP ${actionLabel}: ${stdioServers.map((server) => server.name).join(", ")}`);
+
+    if (result.replacement?.name && result.replacement?.url) {
+      lines.push(`[mcp-guard] 대체 서버: ${result.replacement.name} -> ${result.replacement.url}`);
+    }
+
+    if (result.backupPath) {
+      lines.push(`[mcp-guard] 백업: ${result.backupPath}`);
+    }
+  }
+
+  for (const warning of result.warnings || []) {
+    lines.push(warning);
+  }
+
+  return lines.length > 0 ? lines.join("\n") : "";
+}
+
+function main() {
+  const raw = readStdin();
+  if (!raw.trim()) process.exit(0);
+
+  let input;
+  try {
+    input = JSON.parse(raw);
+  } catch {
+    process.exit(0);
+  }
+
+  const toolName = input.tool_name || "";
+  if (toolName !== "Edit" && toolName !== "Write") process.exit(0);
+
+  const filePath = input.tool_input?.file_path || "";
+  if (!filePath || !isWatchedPath(filePath)) process.exit(0);
+
+  let registry;
+  try {
+    registry = loadRegistry();
+  } catch {
+    process.exit(0);
+  }
+
+  const stdioServers = scanForStdioServers(filePath);
+  if (stdioServers.length === 0) process.exit(0);
+
+  const result = remediate(filePath, stdioServers, registry.policies);
+  const systemMessage = buildSystemMessage(filePath, stdioServers, result);
+
+  if (systemMessage) {
+    process.stdout.write(JSON.stringify({ systemMessage }));
+  }
+}
+
+try {
+  main();
+} catch {
+  process.exit(0);
+}