refactor(vmcp): unify composite tools and optimizer as session decorators

Both composite tools and the optimizer now implement the MultiSession
decorator pattern (same as hijackPreventionDecorator) rather than having
bespoke SDK wiring in handleSessionRegistrationImpl.

New session decorators:
- session/compositetools: appends composite tools to Tools(), routes
  their CallTool invocations to per-session workflow executors
- session/optimizerdec: replaces Tools() with [find_tool, call_tool];
  find_tool routes through the optimizer, call_tool delegates to the
  underlying session for normal backend routing

sessionmanager.Manager gains DecorateSession() to swap in a wrapped
session after creation. handleSessionRegistrationImpl becomes a flat
decoration sequence (apply compositetools → apply optimizer → register
tools) with no branching on optimizer vs non-optimizer paths.

adapter.WorkflowExecutor/WorkflowResult become type aliases for the
compositetools package types so the two layers share a single definition.
adapter.CreateOptimizerTools is deleted; its logic lives in optimizerdec.

Author: taskbot

pkg/vmcp/composer/testhelpers_test.go

@@ -30,6 +30,12 @@ func newTestEngine(t *testing.T) *testEngine {
 	t.Cleanup(ctrl.Finish)
 
 	mockRouter := routermocks.NewMockRouter(ctrl)
+	// ResolveToolName is called by getToolInputSchema on every tool step.
+	// For tests that use NewWorkflowEngine (no tools list), the result is
+	// always nil, so a pass-through AnyTimes expectation is sufficient.
+	mockRouter.EXPECT().ResolveToolName(gomock.Any(), gomock.Any()).
+		DoAndReturn(func(_ context.Context, name string) (string, error) { return name, nil }).
+		AnyTimes()
 	mockBackend := mocks.NewMockBackendClient(ctrl)
 	engine := NewWorkflowEngine(mockRouter, mockBackend, nil, nil, nil) // nil elicitationHandler, stateStore, and auditor for simple tests
 

pkg/vmcp/composer/workflow_engine.go

@@ -434,7 +434,7 @@ func (e *workflowEngine) executeToolStep(
 	// Coerce expanded arguments to expected types based on backend tool schema.
 	// Template expansion returns strings, but backend tools expect typed values
 	// (integer, boolean, number) as defined in their InputSchema.
-	rawSchema := e.getToolInputSchema(step.Tool)
+	rawSchema := e.getToolInputSchema(ctx, step.Tool)
 	s := schema.MakeSchema(rawSchema)
 	if coerced, ok := s.TryCoerce(expandedArgs).(map[string]any); ok {
 		expandedArgs = coerced
@@ -1250,11 +1250,19 @@ func (e *workflowEngine) auditStepSkipped(
 	}
 }
 
-// getToolInputSchema looks up a tool's InputSchema from the session-bound tools list.
-// Returns nil if the engine has no tools list or the tool is not found.
-func (e *workflowEngine) getToolInputSchema(toolName string) map[string]any {
+// getToolInputSchema looks up a tool's InputSchema from the session-bound tools
+// list. If toolName uses the dot convention "{workloadID}.{originalCapabilityName}",
+// ResolveToolName is called to translate it to the conflict-resolved key before
+// lookup. Returns nil if the engine has no tools list or the tool is not found.
+func (e *workflowEngine) getToolInputSchema(ctx context.Context, toolName string) map[string]any {
+	resolved := toolName
+	if e.router != nil {
+		if r, err := e.router.ResolveToolName(ctx, toolName); err == nil {
+			resolved = r
+		}
+	}
 	for i := range e.tools {
-		if e.tools[i].Name == toolName {
+		if e.tools[i].Name == resolved {
 			return e.tools[i].InputSchema
 		}
 	}

pkg/vmcp/composer/workflow_engine_test.go

@@ -390,6 +390,9 @@ func TestWorkflowEngine_ParallelExecution(t *testing.T) {
 	defer ctrl.Finish()
 
 	mockRouter := routermocks.NewMockRouter(ctrl)
+	mockRouter.EXPECT().ResolveToolName(gomock.Any(), gomock.Any()).
+		DoAndReturn(func(_ context.Context, name string) (string, error) { return name, nil }).
+		AnyTimes()
 	mockBackend := mocks.NewMockBackendClient(ctrl)
 	stateStore := NewInMemoryStateStore(1*time.Minute, 1*time.Hour)
 	engine := NewWorkflowEngine(mockRouter, mockBackend, nil, stateStore, nil)
@@ -752,6 +755,9 @@ func TestWorkflowEngine_SessionEngine_CoercesTemplateStringToTypedArg(t *testing
 	t.Cleanup(ctrl.Finish)
 
 	mockRouter := routermocks.NewMockRouter(ctrl)
+	mockRouter.EXPECT().ResolveToolName(gomock.Any(), gomock.Any()).
+		DoAndReturn(func(_ context.Context, name string) (string, error) { return name, nil }).
+		AnyTimes()
 	mockBackend := mocks.NewMockBackendClient(ctrl)
 
 	tools := []vmcp.Tool{
@@ -810,6 +816,9 @@ func TestWorkflowEngine_SessionEngine_ToolNotInList_ReturnsNilSchema(t *testing.
 	t.Cleanup(ctrl.Finish)
 
 	mockRouter := routermocks.NewMockRouter(ctrl)
+	mockRouter.EXPECT().ResolveToolName(gomock.Any(), gomock.Any()).
+		DoAndReturn(func(_ context.Context, name string) (string, error) { return name, nil }).
+		AnyTimes()
 	mockBackend := mocks.NewMockBackendClient(ctrl)
 
 	// Tools list does not include "other_tool".

pkg/vmcp/router/default_router.go

@@ -89,6 +89,13 @@ func (*defaultRouter) RouteTool(ctx context.Context, toolName string) (*vmcp.Bac
 	)
 }
 
+// ResolveToolName returns toolName unchanged. The defaultRouter has no static
+// routing table, so dot-convention resolution is not available; the caller
+// should already be using resolved names when working with this router.
+func (*defaultRouter) ResolveToolName(_ context.Context, toolName string) (string, error) {
+	return toolName, nil
+}
+
 // RouteResource resolves a resource URI to its backend target.
 // With lazy discovery, this method gets capabilities from the request context
 // instead of using a cached routing table.

pkg/vmcp/router/mocks/mock_router.go

@@ -28,6 +28,13 @@ type Router interface {
 	// Returns ErrToolNotFound if the tool doesn't exist in any backend.
 	RouteTool(ctx context.Context, toolName string) (*vmcp.BackendTarget, error)
 
+	// ResolveToolName translates a tool name (which may use the dot-convention
+	// "{workloadID}.{originalCapabilityName}") to the conflict-resolved routing
+	// table key used in the session tools list. Returns the input unchanged if
+	// it already matches exactly or if the router has no routing table.
+	// Returns ErrToolNotFound if the name cannot be resolved.
+	ResolveToolName(ctx context.Context, toolName string) (string, error)
+
 	// RouteResource resolves a resource URI to its backend target.
 	// Returns ErrResourceNotFound if the resource doesn't exist in any backend.
 	RouteResource(ctx context.Context, uri string) (*vmcp.BackendTarget, error)

pkg/vmcp/router/router.go

@@ -6,6 +6,7 @@ package router
 import (
 	"context"
 	"fmt"
+	"strings"
 
 	"github.com/stacklok/toolhive/pkg/vmcp"
 )
@@ -28,15 +29,74 @@ func NewSessionRouter(rt *vmcp.RoutingTable) Router {
 
 // RouteTool resolves a tool name to its backend target using the session's
 // routing table directly.
+//
+// Two naming conventions are supported:
+//
+//  1. Exact key: the resolved/conflict-resolved name stored in the routing
+//     table (e.g. "my-backend_echo" after prefix conflict resolution).
+//
+//  2. Dot convention "{workloadID}.{toolName}": the tool name is the original
+//     backend capability name and the workload ID is the prefix. This mirrors
+//     the isToolStepAccessible logic used when registering composite tools and
+//     lets workflow step definitions remain stable regardless of the conflict
+//     resolution strategy in use.
+//
+// The dot convention is necessary because composite workflow steps reference
+// tools by their pre-conflict-resolution name (e.g. "my-backend.echo"), while
+// the routing table may store them under a prefixed key ("my-backend_echo").
 func (r *sessionRouter) RouteTool(_ context.Context, toolName string) (*vmcp.BackendTarget, error) {
 	if r.routingTable == nil || r.routingTable.Tools == nil {
 		return nil, fmt.Errorf("%w: %s", ErrToolNotFound, toolName)
 	}
-	target, exists := r.routingTable.Tools[toolName]
-	if !exists {
-		return nil, fmt.Errorf("%w: %s", ErrToolNotFound, toolName)
+
+	// Fast path: exact key match.
+	if target, exists := r.routingTable.Tools[toolName]; exists {
+		return target, nil
 	}
-	return target, nil
+
+	// Fallback: dot convention "{workloadID}.{toolName}".
+	// Workload IDs are Kubernetes resource names and cannot contain dots,
+	// so the first dot unambiguously separates the workload ID from the
+	// original backend capability name.
+	if dotIdx := strings.Index(toolName, "."); dotIdx > 0 {
+		workloadID := toolName[:dotIdx]
+		capName := toolName[dotIdx+1:]
+		for resolvedName, target := range r.routingTable.Tools {
+			if target.WorkloadID == workloadID && target.GetBackendCapabilityName(resolvedName) == capName {
+				return target, nil
+			}
+		}
+	}
+
+	return nil, fmt.Errorf("%w: %s", ErrToolNotFound, toolName)
+}
+
+// ResolveToolName returns the routing table key (conflict-resolved name) for
+// toolName. If toolName is an exact key it is returned unchanged. If it uses
+// the dot convention "{workloadID}.{originalCapabilityName}", the matching
+// routing table key is returned. Returns ErrToolNotFound if unresolvable.
+func (r *sessionRouter) ResolveToolName(_ context.Context, toolName string) (string, error) {
+	if r.routingTable == nil || r.routingTable.Tools == nil {
+		return "", fmt.Errorf("%w: %s", ErrToolNotFound, toolName)
+	}
+
+	// Fast path: exact key match.
+	if _, exists := r.routingTable.Tools[toolName]; exists {
+		return toolName, nil
+	}
+
+	// Fallback: dot convention "{workloadID}.{toolName}".
+	if dotIdx := strings.Index(toolName, "."); dotIdx > 0 {
+		workloadID := toolName[:dotIdx]
+		capName := toolName[dotIdx+1:]
+		for resolvedName, target := range r.routingTable.Tools {
+			if target.WorkloadID == workloadID && target.GetBackendCapabilityName(resolvedName) == capName {
+				return resolvedName, nil
+			}
+		}
+	}
+
+	return "", fmt.Errorf("%w: %s", ErrToolNotFound, toolName)
 }
 
 // RouteResource resolves a resource URI to its backend target using the

pkg/vmcp/router/session_router.go

@@ -65,6 +65,54 @@ func TestSessionRouter_RouteTool(t *testing.T) {
 			expectError:   true,
 			errorContains: "tool not found",
 		},
+		{
+			// Composite workflow steps use "{workloadID}.{toolName}" where toolName
+			// is the original backend capability name. With prefix conflict resolution
+			// the routing table key is "{workloadID}_toolName", so an exact match
+			// fails. The dot-convention fallback must resolve it correctly.
+			name: "dot convention resolved via workload ID and original capability name",
+			routingTable: &vmcp.RoutingTable{
+				Tools: map[string]*vmcp.BackendTarget{
+					"my-backend_echo": {
+						WorkloadID:             "my-backend",
+						WorkloadName:           "My Backend",
+						BaseURL:                "http://my-backend:8080",
+						OriginalCapabilityName: "echo",
+					},
+				},
+			},
+			toolName:    "my-backend.echo",
+			expectedID:  "my-backend",
+			expectError: false,
+		},
+		{
+			name: "dot convention: workload not in session",
+			routingTable: &vmcp.RoutingTable{
+				Tools: map[string]*vmcp.BackendTarget{
+					"other-backend_echo": {
+						WorkloadID:             "other-backend",
+						OriginalCapabilityName: "echo",
+					},
+				},
+			},
+			toolName:      "my-backend.echo",
+			expectError:   true,
+			errorContains: "tool not found",
+		},
+		{
+			name: "dot convention: capability name mismatch",
+			routingTable: &vmcp.RoutingTable{
+				Tools: map[string]*vmcp.BackendTarget{
+					"my-backend_echo": {
+						WorkloadID:             "my-backend",
+						OriginalCapabilityName: "echo",
+					},
+				},
+			},
+			toolName:      "my-backend.fetch",
+			expectError:   true,
+			errorContains: "tool not found",
+		},
 	}
 
 	for _, tt := range tests {
@@ -87,6 +135,74 @@ func TestSessionRouter_RouteTool(t *testing.T) {
 	}
 }
 
+func TestSessionRouter_ResolveToolName(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name          string
+		routingTable  *vmcp.RoutingTable
+		toolName      string
+		expectedName  string
+		expectError   bool
+		errorContains string
+	}{
+		{
+			name: "exact key returned unchanged",
+			routingTable: &vmcp.RoutingTable{
+				Tools: map[string]*vmcp.BackendTarget{
+					"my-backend_echo": {WorkloadID: "my-backend", OriginalCapabilityName: "echo"},
+				},
+			},
+			toolName:     "my-backend_echo",
+			expectedName: "my-backend_echo",
+		},
+		{
+			name: "dot convention resolves to routing table key",
+			routingTable: &vmcp.RoutingTable{
+				Tools: map[string]*vmcp.BackendTarget{
+					"my-backend_echo": {WorkloadID: "my-backend", OriginalCapabilityName: "echo"},
+				},
+			},
+			toolName:     "my-backend.echo",
+			expectedName: "my-backend_echo",
+		},
+		{
+			name: "not found returns error",
+			routingTable: &vmcp.RoutingTable{
+				Tools: make(map[string]*vmcp.BackendTarget),
+			},
+			toolName:      "missing_tool",
+			expectError:   true,
+			errorContains: "tool not found",
+		},
+		{
+			name:          "nil routing table returns error",
+			routingTable:  nil,
+			toolName:      "any_tool",
+			expectError:   true,
+			errorContains: "tool not found",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			r := router.NewSessionRouter(tt.routingTable)
+			resolved, err := r.ResolveToolName(context.Background(), tt.toolName)
+
+			if tt.expectError {
+				require.Error(t, err)
+				assert.Contains(t, err.Error(), tt.errorContains)
+				assert.Empty(t, resolved)
+			} else {
+				require.NoError(t, err)
+				assert.Equal(t, tt.expectedName, resolved)
+			}
+		})
+	}
+}
+
 func TestSessionRouter_RouteResource(t *testing.T) {
 	t.Parallel()
 

pkg/vmcp/router/session_router_test.go

@@ -19,6 +19,7 @@ import (
 	"github.com/stacklok/toolhive/pkg/vmcp/conversion"
 	"github.com/stacklok/toolhive/pkg/vmcp/discovery"
 	"github.com/stacklok/toolhive/pkg/vmcp/router"
+	"github.com/stacklok/toolhive/pkg/vmcp/session/compositetools"
 )
 
 //go:generate mockgen -destination=mocks/mock_handler_factory.go -package=mocks github.com/stacklok/toolhive/pkg/vmcp/server/adapter HandlerFactory
@@ -43,20 +44,13 @@ type HandlerFactory interface {
 }
 
 // WorkflowExecutor executes composite tool workflows.
-// This interface abstracts the composer to enable testing without full composer setup.
-type WorkflowExecutor interface {
-	// ExecuteWorkflow executes the workflow with the given parameters.
-	ExecuteWorkflow(ctx context.Context, params map[string]any) (*WorkflowResult, error)
-}
+// Type alias for compositetools.WorkflowExecutor so that adapter consumers and
+// the session decorator share a single interface definition.
+type WorkflowExecutor = compositetools.WorkflowExecutor
 
 // WorkflowResult represents the result of a workflow execution.
-type WorkflowResult struct {
-	// Output contains the workflow output data (typically from the last step).
-	Output map[string]any
-
-	// Error contains error information if the workflow failed.
-	Error error
-}
+// Type alias for compositetools.WorkflowResult.
+type WorkflowResult = compositetools.WorkflowResult
 
 // DefaultHandlerFactory creates MCP request handlers that route to backend workloads.
 type DefaultHandlerFactory struct {