Implement MCP server with 29 tools

[alexey-pelykh]

Summary

Implement the MCP (Model Context Protocol) server that exposes 29 RemoteClaw-specific tools to CLI subprocess agents. This is the C2 component — the mechanism by which CLI agents (Claude, Gemini, Codex, OpenCode) can interact with RemoteClaw's sessions, messaging, cron, and gateway systems.

Architecture

Lifecycle Model

ChannelBridge (gateway process)
    |
    | 1. Builds McpServerConfig, passes via AgentExecuteParams.mcpServers
    | 2. Spawns CLI subprocess (runtime handles config format internally)
    v
CLI Agent (claude/gemini/codex/opencode)
    |
    | 3. Reads MCP config, spawns MCP server as child
    v
remoteclaw-mcp-server (stdio subprocess of CLI agent)
    |
    | 4. Connects to gateway via WebSocket RPC
    | 5. Handles MCP tool calls by invoking gateway RPCs
    | 6. Appends side effects to temp file (NDJSON)
    v
Gateway WebSocket RPC (existing infrastructure)

Per-invocation: Each CLI subprocess invocation gets a fresh MCP server. The MCP server starts when the CLI agent spawns it, dies when the CLI agent exits. Clean isolation, no cross-session state.

Transport: Stdio — the only transport supported by all 4 CLIs.

Per-Runtime Config Generation (already implemented)

Per-runtime MCP config generation is already implemented in each runtime's *McpConfigManager class (from ClaudeCliRuntime (#8)–015):

Runtime	Mechanism	Implemented In
Claude	Inline JSON via --mcp-config flag	runtimes/claude.ts
Gemini	Merge-restore .gemini/settings.json	GeminiMcpConfigManager
Codex	TOML serialization into config.toml	CodexMcpConfigManager
OpenCode	Merge-restore opencode.json	OpenCodeMcpConfigManager

All runtimes accept a uniform McpServerConfig via AgentExecuteParams.mcpServers and handle format translation internally. MCP server (#30) only needs to define the McpServerConfig shape that ChannelBridge passes (env vars for gateway URL, token, session key, side effects path, channel info).

Configuration (environment variables)

The MCP server receives its context via environment variables set by ChannelBridge:

Variable	Purpose
REMOTECLAW_GATEWAY_URL	Gateway WebSocket URL (e.g., ws://127.0.0.1:18789)
REMOTECLAW_GATEWAY_TOKEN	Gateway auth token
REMOTECLAW_SESSION_KEY	Current session key
REMOTECLAW_SIDE_EFFECTS_FILE	Temp file path for side effects NDJSON
REMOTECLAW_CHANNEL	Originating channel (e.g., telegram)
REMOTECLAW_ACCOUNT_ID	Originating account ID
REMOTECLAW_TO	Originating delivery target
REMOTECLAW_THREAD_ID	Originating thread/topic ID

Tool Inventory (29 tools)

Session Management (7 tools)

MCP Tool Name	Source	Parameters	Side Effect?
sessions_list	sessions-list-tool.ts	filter?, limit?	No
sessions_history	sessions-history-tool.ts	sessionKey, limit?	No
sessions_send	sessions-send-tool.ts	sessionKey/label, message, timeout?	Yes (messaging)
sessions_spawn	sessions-spawn-tool.ts	agentId?, channel?, prompt	No
session_status	session-status-tool.ts	(current session info)	No
agents_list	agents-list-tool.ts	(list configured agents)	No
subagents	subagents-tool.ts	action, params	No

Channel Messaging (10 tools)

MCP Tool Name	Source Action	Parameters	Side Effect?
message_send	message:send	target, message, media?	Yes
message_reply	message:reply	message, replyToId?	Yes
message_thread_reply	message:thread-reply	message, threadId	Yes
message_broadcast	message:broadcast	targets[], message	Yes
message_react	message:react	emoji, messageId	No
message_delete	message:delete	messageId	No
message_send_attachment	message:sendAttachment	target, file, caption?	Yes
message_send_with_effect	message:sendWithEffect	target, message, effectId	Yes
message_pin	message:pin	messageId	No
message_read	message:readMessages	channelId, limit?	No

Cron Scheduling (7 tools)

MCP Tool Name	Source Action	Parameters	Side Effect?
cron_status	cron:status	(overview)	No
cron_list	cron:list	filter?	No
cron_add	cron:add	job spec	Yes (cronAdds)
cron_update	cron:update	jobId, updates	No
cron_remove	cron:remove	jobId	No
cron_run	cron:run	jobId	No
cron_runs	cron:runs	jobId?, limit?	No

Gateway Admin (5 tools)

MCP Tool Name	Source Action	Parameters
gateway_restart	gateway:restart	(none)
gateway_config_get	gateway:config.get	key?
gateway_config_apply	gateway:config.apply	config
gateway_config_patch	gateway:config.patch	patches
gateway_config_schema	gateway:config.schema	(none)

NOT Exposed (middleware boundary principle)

Tool	Reason
web_search, web_fetch	CLI agents have native equivalents
browser, image, tts	CLI agents have native equivalents or MCP-based
canvas, nodes	Requires rendering/pairing layer
memory_search, memory_get	Deferred to v0.2.0

Side Effects Protocol

File-based NDJSON protocol for tracking MCP messaging side effects:

{"type":"message_sent","tool":"message","provider":"telegram","to":"group:123","text":"Hello","mediaUrl":null,"ts":1708905600000}
{"type":"cron_added","jobId":"job-xyz","ts":1708905602000}

Why file-based: ChannelBridge creates a temp file path; the MCP server appends side effects as NDJSON lines. After CLI subprocess exits, ChannelBridge reads the file. Robust even if MCP server crashes (partial file is valid NDJSON).

Side effect recording tools:

• Messaging: message_send, message_reply, message_thread_reply, message_broadcast, message_send_attachment, message_send_with_effect, sessions_send → recordMessageSent()
• Cron: cron_add → recordCronAdd()

No race condition: CLI agent blocks on MCP tool responses, so the sequence is always: CLI sends request → MCP processes + writes side effect → MCP responds → CLI continues. When CLI exits, all side effects are on disk.

Tool Policy Integration

The MCP server applies the same tool policy pipeline as the existing /tools/invoke HTTP endpoint:

• Tool allowlisting/denylisting is respected
• Per-agent, per-channel, per-group policies apply
• Subagent tool restrictions are enforced

At startup, the MCP server loads config, resolves policies, and only registers allowed tools.

Implementation Approach

New Files

File	Purpose	Est. Lines
src/middleware/mcp-server.ts	MCP server entry point + stdio transport setup	~80
src/middleware/mcp-tools.ts	Tool registration (schema generation from existing tool schemas)	~150
src/middleware/mcp-handlers/session.ts	Session tool handlers (7 tools)	~100
src/middleware/mcp-handlers/message.ts	Message tool handlers (10 tools)	~150
src/middleware/mcp-handlers/cron.ts	Cron tool handlers (7 tools)	~100
src/middleware/mcp-handlers/gateway.ts	Gateway admin tool handlers (5 tools)	~75
src/middleware/mcp-side-effects.ts	Side effects collector (NDJSON writer) + reader	~100

Modified Files

File	Change
src/middleware/types.ts	May need minor additions for MCP-related types

Test Files

File	Coverage
src/middleware/mcp-side-effects.test.ts	Side effects writer + reader
src/middleware/mcp-tools.test.ts	Tool registration, schema generation
src/middleware/mcp-handlers/*.test.ts	Tool handler invocation (mock gateway RPC)

Estimated total: ~755 LoC (not counting tests) + ~500 LoC tests

(Reduced from original ~1,180 estimate — per-runtime config generation (~425 LoC) already exists in ClaudeCliRuntime (#8)–015.)

Tool Implementations

Each MCP tool handler is a thin adapter layer that:

1. Receives MCP tool input (JSON Schema-validated by MCP SDK)
2. Translates to a callGatewayTool() RPC call (using existing gateway RPC infrastructure)
3. Records side effects (for messaging and cron tools)
4. Returns MCP-formatted result

The tool handlers wrap existing src/agents/tools/ code — specifically sessions, messaging, cron, and gateway tools. They do NOT wrap the pi-embedded tools (web, browser, image, TTS) being gutted in M3.

Key Dependencies

What	Status
@modelcontextprotocol/sdk	npm dependency to add
AgentRuntime interface (PR #4)	Done
McpServerConfig type (PR #4)	Done — already in types.ts
McpSideEffects type (PR #4)	Done — already in types.ts
Per-runtime MCP config (ClaudeCliRuntime (#8)–015)	Done — *McpConfigManager classes
Existing src/agents/tools/	Upstream code, wrapping only

Acceptance Criteria

• src/middleware/mcp-server.ts (and supporting files) expose 29 RemoteClaw-specific tools via MCP
• Tool categories: 7 session management, 10 channel messaging, 7 cron scheduling, 5 gateway admin
• Server uses per-invocation stdio lifecycle (spawned per CLI agent invocation, not long-running)
• Side effects recorded via file-based NDJSON protocol for McpSideEffectsCollector consumption
• Tool implementations wrap existing src/agents/tools/ code (thin adapter layer)
• Generic capabilities (web fetch/search, browser, image, TTS) are NOT exposed (middleware boundary principle)
• Unit tests cover tool registration, invocation, and side effects recording
• pnpm build passes