fix(proxy): use MCP-native evolution when --evolve is set (no stdin blocking)

elliot35 · elliot35 · commit 3a2ce576b7ec · 2026-02-12T17:12:31.000+11:00
Policy evolution with the MCP proxy was previously wired at the gateway using
createCliEvolutionHandler(), which prompts on stderr and blocks stdin. That
conflicts with the MCP stdio transport used by the proxy.

- Move evolution handling into MCPProxyServer via McpEvolutionHandler.
- On deny, return a structured response with a suggestion ID so the agent can
  present it in chat.
- Expose policy_evolution_approve tool so the agent can relay the user's
  decision and apply the change without terminal I/O.
- CLI: set proxyConfig.enableEvolution = true instead of gateway-level
  policyEvolution with CLI handler.
- Export McpEvolutionHandler from the package for custom integrations.

Fixes evolution when running det-acp proxy --evolve with MCP over stdio.
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
@@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file.
 The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.4.1] - 2026-02-12
+
+### Fixed
+
+- **Policy evolution with MCP proxy** — When using `det-acp proxy --evolve`, evolution was previously wired at the gateway with a CLI handler that prompted on stderr, blocking stdin and conflicting with the MCP stdio transport. Evolution is now handled inside the MCP proxy via an MCP-native flow: on deny the proxy returns a structured response with a suggestion ID; the agent presents the suggestion in chat and can call the `policy_evolution_approve` tool to apply the user's decision. No terminal blocking; exports `McpEvolutionHandler` for custom integrations.
+
+---
+
 ## [0.4.0] - 2026-02-12
 
 ### Added
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@det-acp/core",
-  "version": "0.4.0",
+  "version": "0.4.1",
   "description": "Agent Governance Gateway — bounded, auditable, session-aware control for AI agents with MCP proxy, shell proxy, and HTTP API",
   "type": "module",
   "main": "dist/index.js",
diff --git a/src/cli/index.ts b/src/cli/index.ts
@@ -26,7 +26,6 @@ import { ShellProxy } from '../proxy/shell-proxy.js';
 import { MCPProxyServer } from '../proxy/mcp-proxy.js';
 import { MCPProxyConfigSchema } from '../proxy/mcp-types.js';
 import type { MCPProxyConfig } from '../proxy/mcp-types.js';
-import { createCliEvolutionHandler } from '../evolution/cli-handler.js';
 import { registerInitCommand } from './init.js';
 
 const program = new Command();
@@ -222,20 +221,14 @@ program
           return; // unreachable but helps TS narrow types
         }
 
-        const gatewayConfig: GatewayConfig = {
-          ledgerDir: proxyConfig.ledgerDir,
-        };
-
-        // Wire policy self-evolution if --evolve flag is set
+        // Enable MCP-native evolution on the proxy (not gateway-level CLI handler)
         if (opts.evolve) {
-          gatewayConfig.policyEvolution = {
-            policyPath: proxyConfig.policy,
-            handler: createCliEvolutionHandler(),
-            timeoutMs: proxyConfig.evolutionTimeoutMs,
-          };
+          proxyConfig.enableEvolution = true;
         }
 
-        const gateway = await AgentGateway.create(gatewayConfig);
+        const gateway = await AgentGateway.create({
+          ledgerDir: proxyConfig.ledgerDir,
+        });
 
         const proxy = new MCPProxyServer(proxyConfig, gateway);
 
diff --git a/src/evolution/mcp-handler.ts b/src/evolution/mcp-handler.ts
@@ -0,0 +1,238 @@
+/**
+ * MCP-Native Evolution Handler — policy evolution via the MCP tool protocol.
+ *
+ * Instead of blocking on stdin (which conflicts with MCP stdio transport),
+ * this handler works in two asynchronous steps:
+ *
+ *  1. On deny: returns a structured denial response with a suggestion ID.
+ *     The agent presents the suggestion to the user in chat.
+ *  2. On approve: the agent calls `policy_evolution_approve` with the
+ *     suggestion ID and the user's decision. The handler applies the change.
+ *
+ * The agent then retries the original tool call.
+ */
+
+import { nanoid } from 'nanoid';
+import type { ActionRequest, Policy, Session } from '../types.js';
+import type { EvolutionDecision, PolicySuggestion } from './types.js';
+import { suggestPolicyChange } from './suggestion.js';
+import { applyPolicyChange, writePolicyToFile } from './writer.js';
+
+// ---------------------------------------------------------------------------
+// Types
+// ---------------------------------------------------------------------------
+
+interface PendingSuggestion {
+  suggestion: PolicySuggestion;
+  action: ActionRequest;
+  sessionId: string;
+  createdAt: number;
+}
+
+interface McpToolContent {
+  type: 'text';
+  text: string;
+}
+
+interface McpToolResponse {
+  [key: string]: unknown;
+  content: McpToolContent[];
+  isError?: boolean;
+}
+
+// ---------------------------------------------------------------------------
+// Tool definition
+// ---------------------------------------------------------------------------
+
+const TOOL_NAME = 'policy_evolution_approve';
+
+const TOOL_DEFINITION = {
+  name: TOOL_NAME,
+  description:
+    'Approve or deny a suggested policy change after a tool call was denied. ' +
+    'Present the suggestion to the user first and relay their decision.',
+  inputSchema: {
+    type: 'object' as const,
+    properties: {
+      suggestion_id: {
+        type: 'string',
+        description: 'The suggestion ID from the denial message',
+      },
+      decision: {
+        type: 'string',
+        enum: ['add-to-policy', 'allow-once', 'deny'],
+        description:
+          'The user\'s decision: "add-to-policy" persists to YAML, ' +
+          '"allow-once" applies for this session only, "deny" keeps the block',
+      },
+    },
+    required: ['suggestion_id', 'decision'],
+  },
+};
+
+// ---------------------------------------------------------------------------
+// Handler class
+// ---------------------------------------------------------------------------
+
+export class McpEvolutionHandler {
+  private pendingSuggestions = new Map<string, PendingSuggestion>();
+  private readonly policyPath: string;
+
+  constructor(policyPath: string) {
+    this.policyPath = policyPath;
+  }
+
+  /** The MCP tool name used by this handler. */
+  static readonly TOOL_NAME = TOOL_NAME;
+
+  /**
+   * Return the MCP tool definition for `policy_evolution_approve`.
+   */
+  getToolDefinition(): typeof TOOL_DEFINITION {
+    return TOOL_DEFINITION;
+  }
+
+  /**
+   * Build a denial response that includes a policy-change suggestion.
+   *
+   * Called by the proxy when a tool call is denied and evolution is enabled.
+   * Returns `null` if the denial is not suggestible (e.g. budget exceeded),
+   * so the proxy should fall back to a plain denial message.
+   */
+  buildDenialResponse(
+    action: ActionRequest,
+    reasons: string[],
+    policy: Policy,
+    sessionId: string,
+  ): McpToolResponse | null {
+    const suggestion = suggestPolicyChange(action, reasons, policy);
+    if (!suggestion) {
+      return null;
+    }
+
+    const suggestionId = nanoid(12);
+    this.pendingSuggestions.set(suggestionId, {
+      suggestion,
+      action,
+      sessionId,
+      createdAt: Date.now(),
+    });
+
+    const text = [
+      `Action denied by policy: ${reasons.join('; ')}`,
+      '',
+      `[Policy Evolution] Suggested change: ${suggestion.description}`,
+      `Suggestion ID: ${suggestionId}`,
+      '',
+      'Present this suggestion to the user and ask for their decision:',
+      '  - "add-to-policy" — permanently add to the policy file',
+      '  - "allow-once" — allow for this session only',
+      '  - "deny" — keep the restriction',
+      '',
+      `Then call the "${TOOL_NAME}" tool with the suggestion_id and their decision.`,
+    ].join('\n');
+
+    return {
+      content: [{ type: 'text', text }],
+      isError: true,
+    };
+  }
+
+  /**
+   * Handle a call to `policy_evolution_approve`.
+   *
+   * Validates the suggestion ID, applies the policy change, and returns
+   * a success or error message.
+   */
+  handleApproval(
+    args: Record<string, unknown>,
+    session: Session,
+  ): McpToolResponse {
+    const suggestionId = args.suggestion_id as string | undefined;
+    const decision = args.decision as EvolutionDecision | undefined;
+
+    if (!suggestionId || !decision) {
+      return {
+        content: [{ type: 'text', text: 'Missing required fields: suggestion_id, decision' }],
+        isError: true,
+      };
+    }
+
+    const validDecisions: EvolutionDecision[] = ['add-to-policy', 'allow-once', 'deny'];
+    if (!validDecisions.includes(decision)) {
+      return {
+        content: [{
+          type: 'text',
+          text: `Invalid decision "${decision}". Must be one of: ${validDecisions.join(', ')}`,
+        }],
+        isError: true,
+      };
+    }
+
+    const pending = this.pendingSuggestions.get(suggestionId);
+    if (!pending) {
+      return {
+        content: [{
+          type: 'text',
+          text: `Suggestion "${suggestionId}" not found or already resolved.`,
+        }],
+        isError: true,
+      };
+    }
+
+    // Clean up the pending suggestion
+    this.pendingSuggestions.delete(suggestionId);
+
+    if (decision === 'deny') {
+      return {
+        content: [{ type: 'text', text: 'Policy change denied. The restriction remains in place.' }],
+      };
+    }
+
+    // Apply the change
+    try {
+      const updated = applyPolicyChange(session.policy, pending.suggestion);
+      Object.assign(session.policy, updated);
+
+      if (decision === 'add-to-policy') {
+        writePolicyToFile(updated, this.policyPath);
+        return {
+          content: [{
+            type: 'text',
+            text: `Policy updated and saved to disk. ${pending.suggestion.description} You can now retry the original action.`,
+          }],
+        };
+      }
+
+      // allow-once
+      return {
+        content: [{
+          type: 'text',
+          text: `Policy updated for this session only (not saved to disk). ${pending.suggestion.description} You can now retry the original action.`,
+        }],
+      };
+    } catch (err) {
+      return {
+        content: [{
+          type: 'text',
+          text: `Failed to apply policy change: ${(err as Error).message}`,
+        }],
+        isError: true,
+      };
+    }
+  }
+
+  /**
+   * Check whether a tool name is handled by this evolution handler.
+   */
+  isEvolutionTool(toolName: string): boolean {
+    return toolName === TOOL_NAME;
+  }
+
+  /**
+   * Get the number of pending suggestions (useful for testing).
+   */
+  getPendingCount(): number {
+    return this.pendingSuggestions.size;
+  }
+}
diff --git a/src/index.ts b/src/index.ts
@@ -74,6 +74,7 @@ export { ShellProxy } from './proxy/shell-proxy.js';
 
 // Policy self-evolution
 export { PolicyEvolutionManager } from './evolution/policy-evolution.js';
+export { McpEvolutionHandler } from './evolution/mcp-handler.js';
 export { suggestPolicyChange } from './evolution/suggestion.js';
 export { applyPolicyChange, writePolicyToFile } from './evolution/writer.js';
 export { createCliEvolutionHandler } from './evolution/cli-handler.js';
diff --git a/src/proxy/mcp-proxy.ts b/src/proxy/mcp-proxy.ts
diff --git a/tests/evolution/mcp-handler.test.ts b/tests/evolution/mcp-handler.test.ts

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@det-acp/core",`
`3`		`- "version": "0.4.0",`
	`3`	`+ "version": "0.4.1",`
`4`	`4`	`"description": "Agent Governance Gateway — bounded, auditable, session-aware control for AI agents with MCP proxy, shell proxy, and HTTP API",`
`5`	`5`	`"type": "module",`
`6`	`6`	`"main": "dist/index.js",`