socket-link
diff --git a/‎ampere-core/src/commonMain/kotlin/link/socket/ampere/mcp/McpClient.kt‎
Lines changed: 100 additions & 0 deletions b/‎ampere-core/src/commonMain/kotlin/link/socket/ampere/mcp/McpClient.kt‎
Lines changed: 100 additions & 0 deletions
diff --git a/‎ampere-core/src/commonMain/kotlin/link/socket/ampere/mcp/McpCredentialBinding.kt‎
Lines changed: 79 additions & 0 deletions b/‎ampere-core/src/commonMain/kotlin/link/socket/ampere/mcp/McpCredentialBinding.kt‎
Lines changed: 79 additions & 0 deletions
diff --git a/‎ampere-core/src/commonMain/kotlin/link/socket/ampere/plugin/McpServerDependency.kt‎
Lines changed: 30 additions & 0 deletions b/‎ampere-core/src/commonMain/kotlin/link/socket/ampere/plugin/McpServerDependency.kt‎
Lines changed: 30 additions & 0 deletions
diff --git a/‎ampere-core/src/commonMain/kotlin/link/socket/ampere/plugin/PluginContext.kt‎
Lines changed: 157 additions & 0 deletions b/‎ampere-core/src/commonMain/kotlin/link/socket/ampere/plugin/PluginContext.kt‎
Lines changed: 157 additions & 0 deletions
diff --git a/‎ampere-core/src/commonMain/kotlin/link/socket/ampere/plugin/PluginManifest.kt‎
Lines changed: 3 additions & 2 deletions b/‎ampere-core/src/commonMain/kotlin/link/socket/ampere/plugin/PluginManifest.kt‎
Lines changed: 3 additions & 2 deletions
@@ -0,0 +1,100 @@
+package link.socket.ampere.mcp
+
+import kotlinx.coroutines.sync.Mutex
+import kotlinx.coroutines.sync.withLock
+import kotlinx.serialization.json.JsonElement
+import link.socket.ampere.agents.tools.mcp.McpProtocol
+import link.socket.ampere.agents.tools.mcp.McpServerConfiguration
+import link.socket.ampere.agents.tools.mcp.connection.HttpClientHandler
+import link.socket.ampere.agents.tools.mcp.connection.HttpMcpConnection
+import link.socket.ampere.agents.tools.mcp.connection.McpServerConnection
+import link.socket.ampere.agents.tools.mcp.protocol.McpToolDescriptor
+import link.socket.ampere.agents.tools.mcp.protocol.ToolCallResult
+import link.socket.ampere.plugin.McpServerDependency
+
+/**
+ * Plugin-facing facade over an MCP server connection.
+ *
+ * Wraps an [McpServerConnection] (default [HttpMcpConnection]) with the
+ * dependency declaration plus credential resolution, so plugin call sites
+ * stay free of transport details. JSON-RPC framing remains in
+ * [link.socket.ampere.agents.tools.mcp.protocol.McpClient]; this class
+ * doesn't reimplement it.
+ *
+ * The [connectionFactory] seam exists so tests can substitute mock
+ * connections without touching the production HTTP path.
+ *
+ * Lifecycle:
+ * 1. [connect] — resolve credential, build the connection, run handshake.
+ * 2. [listTools] — query tool descriptors from the server.
+ * 3. [callTool] — invoke a remote tool.
+ * 4. [close] — disconnect and release transport resources.
+ */
+class McpClient(
+    private val dependency: McpServerDependency,
+    private val credentialBinding: McpCredentialBinding,
+    private val linkId: LinkId,
+    private val connectionFactory: (McpServerDependency, McpCredential?) -> McpServerConnection =
+        ::defaultHttpConnection,
+) {
+    private val mutex = Mutex()
+    private var connection: McpServerConnection? = null
+
+    val isConnected: Boolean
+        get() = connection?.isConnected == true
+
+    suspend fun connect(): Result<Unit> = mutex.withLock {
+        val existing = connection
+        if (existing != null && existing.isConnected) {
+            return Result.success(Unit)
+        }
+
+        val credentialResult = credentialBinding.resolve(linkId, dependency.uri)
+        val credential = credentialResult.getOrElse { return Result.failure(it) }
+
+        val newConnection = connectionFactory(dependency, credential)
+        connection = newConnection
+
+        return newConnection.connect()
+            .mapCatching {
+                newConnection.initialize().getOrThrow()
+                Unit
+            }
+    }
+
+    suspend fun listTools(): Result<List<McpToolDescriptor>> {
+        val active = connection
+            ?: return Result.failure(IllegalStateException("McpClient must connect() before listTools()"))
+        return active.listTools()
+    }
+
+    suspend fun callTool(name: String, arguments: JsonElement?): Result<ToolCallResult> {
+        val active = connection
+            ?: return Result.failure(IllegalStateException("McpClient must connect() before callTool()"))
+        return active.invokeTool(name, arguments)
+    }
+
+    suspend fun close(): Result<Unit> = mutex.withLock {
+        val active = connection ?: return Result.success(Unit)
+        return active.disconnect().also { connection = null }
+    }
+}
+
+/**
+ * Default factory: builds an [HttpMcpConnection] from a dependency plus the
+ * resolved credential. Used unless the caller injects a different factory
+ * (typically for tests).
+ */
+fun defaultHttpConnection(
+    dependency: McpServerDependency,
+    credential: McpCredential?,
+): McpServerConnection {
+    val config = McpServerConfiguration(
+        id = dependency.name,
+        displayName = dependency.name,
+        protocol = McpProtocol.HTTP,
+        endpoint = dependency.uri,
+        authToken = credential?.authToken,
+    )
+    return HttpMcpConnection(config, HttpClientHandler())
+}
@@ -0,0 +1,79 @@
+package link.socket.ampere.mcp
+
+import kotlin.jvm.JvmInline
+import kotlinx.coroutines.sync.Mutex
+import kotlinx.coroutines.sync.withLock
+import kotlinx.serialization.Serializable
+
+/**
+ * Identifier for a Link — the user-bound authorization scope under which
+ * an MCP credential is stored.
+ *
+ * The Link concept is upcoming work; modeling it as a value class lets the
+ * eventual store interface match without a churn cycle.
+ */
+@JvmInline
+@Serializable
+value class LinkId(val value: String)
+
+/**
+ * Credential material a plugin's [McpClient] surfaces into its connection
+ * layer when calling an MCP server.
+ *
+ * Today only [authToken] is captured; future fields (refresh token, OAuth
+ * metadata) can be added without breaking the binding contract.
+ */
+@Serializable
+data class McpCredential(
+    val authToken: String? = null,
+)
+
+/**
+ * Storage contract for credentials a plugin uses to talk to an MCP server.
+ *
+ * Implementations are scoped per Link so credentials revocations follow the
+ * Link lifecycle. The interface intentionally avoids leaking implementation
+ * concerns (transactionality, persistence, encryption) so the upcoming
+ * Link-backed store can drop in.
+ */
+interface McpCredentialBinding {
+    suspend fun bind(linkId: LinkId, mcpUri: String, credential: McpCredential): Result<Unit>
+
+    suspend fun resolve(linkId: LinkId, mcpUri: String): Result<McpCredential?>
+
+    suspend fun unbind(linkId: LinkId, mcpUri: String): Result<Unit>
+}
+
+/**
+ * In-memory [McpCredentialBinding] suitable for tests and single-process
+ * environments. The persistent Link-backed implementation lands separately.
+ */
+class InMemoryMcpCredentialBinding : McpCredentialBinding {
+
+    private val mutex = Mutex()
+    private val store = mutableMapOf<Pair<LinkId, String>, McpCredential>()
+
+    override suspend fun bind(
+        linkId: LinkId,
+        mcpUri: String,
+        credential: McpCredential,
+    ): Result<Unit> = mutex.withLock {
+        store[linkId to mcpUri] = credential
+        Result.success(Unit)
+    }
+
+    override suspend fun resolve(
+        linkId: LinkId,
+        mcpUri: String,
+    ): Result<McpCredential?> = mutex.withLock {
+        Result.success(store[linkId to mcpUri])
+    }
+
+    override suspend fun unbind(
+        linkId: LinkId,
+        mcpUri: String,
+    ): Result<Unit> = mutex.withLock {
+        store.remove(linkId to mcpUri)
+        Result.success(Unit)
+    }
+}
@@ -0,0 +1,30 @@
+package link.socket.ampere.plugin
+
+import kotlinx.serialization.Serializable
+import link.socket.ampere.plugin.permission.PluginPermission
+
+/**
+ * Declares an MCP server that a plugin depends on at runtime.
+ *
+ * Each declared dependency must be matched by a corresponding
+ * [PluginPermission.MCPServer] entry in [PluginManifest.requiredPermissions]
+ * so the user grant flow can authorize the plugin's access to it.
+ *
+ * @property name Local handle used by the plugin to reference the server
+ *   (e.g., `"notion"`). Distinct from the connection [uri] so plugins can
+ *   reference servers symbolically.
+ * @property uri The MCP server endpoint (e.g., `"mcp://..."` or
+ *   `"https://..."`). Used both to dial the server and to match the
+ *   [PluginPermission.MCPServer] grant.
+ * @property requiredPermissions Permissions the plugin will exercise via
+ *   this server. Each must also appear in
+ *   [PluginManifest.requiredPermissions]; otherwise the manifest validator
+ *   surfaces a diagnostic so the plugin author can lift the permission to
+ *   the top-level grant scope.
+ */
+@Serializable
+data class McpServerDependency(
+    val name: String,
+    val uri: String,
+    val requiredPermissions: List<PluginPermission> = emptyList(),
+)
@@ -0,0 +1,157 @@
+package link.socket.ampere.plugin
+
+import link.socket.ampere.agents.config.AgentActionAutonomy
+import link.socket.ampere.agents.execution.tools.McpTool
+import link.socket.ampere.agents.execution.tools.Tool
+import link.socket.ampere.agents.tools.mcp.connection.McpServerConnection
+import link.socket.ampere.mcp.LinkId
+import link.socket.ampere.mcp.McpClient
+import link.socket.ampere.mcp.McpCredential
+import link.socket.ampere.mcp.McpCredentialBinding
+import link.socket.ampere.mcp.defaultHttpConnection
+
+/**
+ * Runtime context for an active plugin instance.
+ *
+ * Bundles a validated [PluginManifest] together with the plugin's native
+ * tools and the [McpClient] instances opened for each declared
+ * [McpServerDependency]. The MCP tools discovered from each server are
+ * exposed through [availableTools] alongside any native tools, and each
+ * carries the originating manifest so [PluginPermissionGate][link.socket.ampere.plugin.permission.PluginPermissionGate]
+ * still gates dispatch.
+ *
+ * Construction goes through [create]. It validates the manifest, opens an
+ * [McpClient] per dependency, runs the handshake, lists tools, and wraps
+ * each descriptor as an [McpTool]. Server failures are surfaced per server
+ * (mirroring the existing [link.socket.ampere.agents.tools.mcp.McpServerManager]
+ * resilience pattern) so one bad server doesn't kill the plugin.
+ *
+ * Tools are dispatched through
+ * [link.socket.ampere.propel.ExecuteStep], which resolves the right
+ * [McpClient] via [mcpClientFor].
+ */
+class PluginContext private constructor(
+    val manifest: PluginManifest,
+    private val nativeTools: List<Tool<*>>,
+    private val mcpClientsByUri: Map<String, McpClient>,
+    private val mcpToolsByServerUri: Map<String, List<McpTool>>,
+    val serverFailures: List<PluginContextServerFailure>,
+) {
+
+    fun availableTools(): List<Tool<*>> =
+        nativeTools + mcpToolsByServerUri.values.flatten()
+
+    /**
+     * Looks up the [McpClient] responsible for a tool's originating server.
+     *
+     * Returns null for tools without a matching server (e.g., a stale
+     * [McpTool] referencing a server that failed to come up).
+     */
+    fun mcpClientFor(tool: McpTool): McpClient? =
+        mcpClientsByUri[tool.serverId]
+
+    suspend fun close(): Result<Unit> {
+        val errors = mutableListOf<Throwable>()
+        mcpClientsByUri.values.forEach { client ->
+            client.close().onFailure { errors += it }
+        }
+        return if (errors.isEmpty()) {
+            Result.success(Unit)
+        } else {
+            Result.failure(errors.first())
+        }
+    }
+
+    companion object {
+        suspend fun create(
+            manifest: PluginManifest,
+            credentialBinding: McpCredentialBinding,
+            linkId: LinkId,
+            nativeTools: List<Tool<*>> = emptyList(),
+            connectionFactory: (McpServerDependency, McpCredential?) -> McpServerConnection =
+                ::defaultHttpConnection,
+        ): Result<PluginContext> {
+            val validation = PluginManifestValidator.validate(manifest)
+            if (validation is ManifestValidationResult.Invalid) {
+                return Result.failure(
+                    PluginManifestValidationException(validation.reasons),
+                )
+            }
+
+            val clientsByUri = mutableMapOf<String, McpClient>()
+            val toolsByUri = mutableMapOf<String, List<McpTool>>()
+            val failures = mutableListOf<PluginContextServerFailure>()
+
+            manifest.mcpServers.forEach { dependency ->
+                val client = McpClient(
+                    dependency = dependency,
+                    credentialBinding = credentialBinding,
+                    linkId = linkId,
+                    connectionFactory = connectionFactory,
+                )
+
+                val connectResult = client.connect()
+                if (connectResult.isFailure) {
+                    failures += PluginContextServerFailure(
+                        dependency = dependency,
+                        cause = connectResult.exceptionOrNull(),
+                    )
+                    client.close()
+                    return@forEach
+                }
+
+                val toolsResult = client.listTools()
+                val descriptors = toolsResult.getOrElse { error ->
+                    failures += PluginContextServerFailure(
+                        dependency = dependency,
+                        cause = error,
+                    )
+                    client.close()
+                    return@forEach
+                }
+
+                clientsByUri[dependency.uri] = client
+                toolsByUri[dependency.uri] = descriptors.map { descriptor ->
+                    McpTool(
+                        id = "${dependency.name}:${descriptor.name}",
+                        name = descriptor.name,
+                        description = descriptor.description,
+                        requiredAgentAutonomy = AgentActionAutonomy.ACT_WITH_NOTIFICATION,
+                        pluginManifest = manifest,
+                        serverId = dependency.uri,
+                        remoteToolName = descriptor.name,
+                        inputSchema = descriptor.inputSchema,
+                    )
+                }
+            }
+
+            return Result.success(
+                PluginContext(
+                    manifest = manifest,
+                    nativeTools = nativeTools,
+                    mcpClientsByUri = clientsByUri,
+                    mcpToolsByServerUri = toolsByUri,
+                    serverFailures = failures,
+                ),
+            )
+        }
+    }
+}
+
+/**
+ * Captures a per-server failure encountered during [PluginContext.create].
+ *
+ * Surfaced rather than thrown so a single misbehaving MCP server doesn't
+ * fail the rest of the plugin's tools.
+ */
+data class PluginContextServerFailure(
+    val dependency: McpServerDependency,
+    val cause: Throwable?,
+)
+
+/**
+ * Thrown when a manifest fails validation during [PluginContext.create].
+ */
+class PluginManifestValidationException(
+    val reasons: List<ManifestValidationReason>,
+) : Exception("Plugin manifest validation failed: $reasons")
@@ -6,8 +6,8 @@ import link.socket.ampere.plugin.permission.PluginPermission
 /**
  * Manifest metadata for a plugin and the permissions it requires at runtime.
  *
- * [requiredPermissions] defaults to empty so manifests created before the
- * permission schema continue to decode unchanged.
+ * [requiredPermissions] and [mcpServers] default to empty so manifests created
+ * before each schema addition continue to decode unchanged.
  */
 @Serializable
 data class PluginManifest(
@@ -17,4 +17,5 @@ data class PluginManifest(
     val description: String? = null,
     val entrypoint: String? = null,
     val requiredPermissions: List<PluginPermission> = emptyList(),
+    val mcpServers: List<McpServerDependency> = emptyList(),
 )