feat: MCP (Model Context Protocol) integration (#57)

* feat: MCP (Model Context Protocol) integration

Add support for external MCP tool servers as typed sandbox modules.
MCP tools appear as host:mcp-<name> modules — identical to native plugins.

MCP framework:
- Config parser with validation, env var substitution, tool filtering
- Client manager with lazy connect, timeouts, reconnect (max 3)
- Plugin adapter generating TypeScript declarations from tool schemas
- Sanitisation: tool names, descriptions, prompt injection detection
- Approval store with SHA-256 config hashing

Gateway plugin (plugins/mcp/):
- Gates the entire MCP subsystem via normal plugin audit/approve flow
- Individual servers require separate approval via /mcp enable

SDK tools for LLM discovery:
- list_mcp_servers() — configured servers, state, tool counts
- mcp_server_info(name) — detailed info + TypeScript declarations
- manage_mcp(action, name) — connect/disconnect servers

Slash commands: /mcp list|enable|disable|info|approve|revoke

Validator improvements:
- strip_js_comments() — comments stripped once, all checks use clean source
- require(), Buffer, process, __dirname, __filename are now hard errors
- Handler return check with brace-matched scope (not string search)
- Comment-safe parsing prevents false positives from quotes in comments

Other fixes:
- Double-prompt eliminated for plugins with no config schema
- Canary injection findings filtered from audit RATING section
- MCP module author type fixed (system, not mcp)
- Dynamic .d.ts uses export declare function (not bare export)

Docs: docs/MCP.md with config reference, security model, GitHub example
Scripts: just mcp-setup-everything|github|filesystem|show-config
Tests: 33 new tests (config, sanitise, audit, type gen, validator integration)
Signed-off-by: Simon Davies <simongdavies@users.noreply.github.com>

* fix: add /mcp commands to help, tab-completion, and history

The /mcp commands were implemented in slash-commands.ts but missing
from the COMMANDS registry in commands.ts. This caused:
- /help not showing MCP commands
- Tab-completion not offering /mcp suggestions
- /mcp commands silently dropped from readline history

Add 6 MCP command entries to COMMANDS array and 'mcp' GROUP_ALIAS
so /help mcp works.

Signed-off-by: Simon Davies <simongdavies@users.noreply.github.com>

* fix: address 8 PR review comments

1. approval.ts: mkdir ~/.hyperagent/ before writing (first-run case)
2. config.ts: hash includes allowTools, denyTools, env key names
3. approval.ts: isMCPApproved checks tool list matches approved tools
4. plugin-adapter.ts: quote property names that aren't valid JS identifiers
5. plugins/mcp/index.ts: fix comment to match implementation (sentinel module)
6. index.ts: module_info author fixed to 'system' (was 'mcp')
7. validator.rs: arrow handler param check distinguishes () => from (event) =>
8. validator.rs: strip_js_comments guards against regex literal // sequences

Signed-off-by: Simon Davies <simongdavies@users.noreply.github.com>

---------

Signed-off-by: Simon Davies <simongdavies@users.noreply.github.com>

Author: simongdavies

.gitignore

@@ -26,6 +26,7 @@ Cargo.lock
 
 # User data — never commit (approvals, config, logs, cache)
 approved-plugins.json
+approved-mcp.json
 fetch-log.jsonl
 config.json
 *.jsonl

Justfile

@@ -569,3 +569,121 @@ k8s-smoke-test:
     echo "════════════════════════════════════════"
     echo ""
     [ "$FAIL" -eq 0 ]
+
+# ── MCP Setup Recipes ───────────────────────────────────────────────
+#
+# Helper recipes to configure MCP servers for testing and examples.
+# These write to ~/.hyperagent/config.json (gitignored).
+
+# Set up the MCP "everything" test server (reference/test server with echo, add, etc.)
+[unix]
+mcp-setup-everything:
+    #!/usr/bin/env bash
+    set -euo pipefail
+    CONFIG_DIR="$HOME/.hyperagent"
+    CONFIG_FILE="$CONFIG_DIR/config.json"
+    mkdir -p "$CONFIG_DIR"
+
+    if [ -f "$CONFIG_FILE" ]; then
+      # Merge into existing config using node
+      node -e "
+        const fs = require('fs');
+        const cfg = JSON.parse(fs.readFileSync('$CONFIG_FILE', 'utf8'));
+        cfg.mcpServers = cfg.mcpServers || {};
+        cfg.mcpServers.everything = {
+          command: 'npx',
+          args: ['-y', '@modelcontextprotocol/server-everything']
+        };
+        fs.writeFileSync('$CONFIG_FILE', JSON.stringify(cfg, null, 2) + '\n');
+      "
+    else
+      echo '{ "mcpServers": { "everything": { "command": "npx", "args": ["-y", "@modelcontextprotocol/server-everything"] } } }' \
+        | node -e "process.stdout.write(JSON.stringify(JSON.parse(require('fs').readFileSync('/dev/stdin','utf8')),null,2)+'\n')" \
+        > "$CONFIG_FILE"
+    fi
+    echo "✅ MCP 'everything' server configured in $CONFIG_FILE"
+    echo "   Start the agent and run: /plugin enable mcp && /mcp enable everything"
+
+# Set up the MCP GitHub server (requires GITHUB_TOKEN env var)
+[unix]
+mcp-setup-github:
+    #!/usr/bin/env bash
+    set -euo pipefail
+    CONFIG_DIR="$HOME/.hyperagent"
+    CONFIG_FILE="$CONFIG_DIR/config.json"
+    mkdir -p "$CONFIG_DIR"
+
+    if [ -z "${GITHUB_TOKEN:-}" ]; then
+      echo "⚠️  GITHUB_TOKEN not set. The GitHub MCP server needs it at runtime."
+      echo "   export GITHUB_TOKEN=ghp_your_token_here"
+      echo "   Continuing with config anyway..."
+    fi
+
+    node -e "
+      const fs = require('fs');
+      const path = '$CONFIG_FILE';
+      const cfg = fs.existsSync(path) ? JSON.parse(fs.readFileSync(path, 'utf8')) : {};
+      cfg.mcpServers = cfg.mcpServers || {};
+      cfg.mcpServers.github = {
+        command: 'npx',
+        args: ['-y', '@modelcontextprotocol/server-github'],
+        env: { GITHUB_PERSONAL_ACCESS_TOKEN: '\${GITHUB_TOKEN}' },
+        allowTools: [
+          'list_issues', 'get_issue', 'search_issues',
+          'list_pull_requests', 'get_pull_request',
+          'search_repositories', 'get_file_contents'
+        ],
+        denyTools: ['merge_pull_request', 'delete_branch', 'push_files']
+      };
+      fs.writeFileSync(path, JSON.stringify(cfg, null, 2) + '\n');
+    "
+    echo "✅ MCP 'github' server configured in $CONFIG_FILE"
+    echo "   Requires: export GITHUB_TOKEN=ghp_..."
+    echo "   Start the agent and run: /plugin enable mcp && /mcp enable github"
+
+# Set up the MCP filesystem server (read-only access to a directory)
+[unix]
+mcp-setup-filesystem dir="/tmp/mcp-fs":
+    #!/usr/bin/env bash
+    set -euo pipefail
+    CONFIG_DIR="$HOME/.hyperagent"
+    CONFIG_FILE="$CONFIG_DIR/config.json"
+    DIR="{{ dir }}"
+    mkdir -p "$CONFIG_DIR" "$DIR"
+
+    node -e "
+      const fs = require('fs');
+      const path = '$CONFIG_FILE';
+      const cfg = fs.existsSync(path) ? JSON.parse(fs.readFileSync(path, 'utf8')) : {};
+      cfg.mcpServers = cfg.mcpServers || {};
+      cfg.mcpServers.filesystem = {
+        command: 'npx',
+        args: ['-y', '@modelcontextprotocol/server-filesystem', '$DIR']
+      };
+      fs.writeFileSync(path, JSON.stringify(cfg, null, 2) + '\n');
+    "
+    echo "✅ MCP 'filesystem' server configured in $CONFIG_FILE"
+    echo "   Root directory: $DIR"
+    echo "   Start the agent and run: /plugin enable mcp && /mcp enable filesystem"
+
+# Show current MCP config (if any)
+[unix]
+mcp-show-config:
+    #!/usr/bin/env bash
+    CONFIG_FILE="$HOME/.hyperagent/config.json"
+    if [ -f "$CONFIG_FILE" ]; then
+      node -e "
+        const cfg = JSON.parse(require('fs').readFileSync('$CONFIG_FILE', 'utf8'));
+        if (cfg.mcpServers) {
+          console.log('Configured MCP servers:');
+          for (const [name, s] of Object.entries(cfg.mcpServers)) {
+            console.log('  ' + name + ': ' + s.command + ' ' + (s.args || []).join(' '));
+          }
+        } else {
+          console.log('No MCP servers configured.');
+        }
+      "
+    else
+      echo "No config file found at $CONFIG_FILE"
+      echo "Run: just mcp-setup-everything"
+    fi