feat(mcp-bridge): runtime Nickel envelope validation (Task #17)

New lib/nickel-validator.js shells out to \`nickel eval\` with
contracts.validate from coord-messages-contracts.ncl. Runs in
dispatchLocalCoord BEFORE forwarding coord_send / coord_send_gated
to the Zig adapter — invalid envelopes get rejected with a
descriptive MCP error ("envelope validation failed: ...") that
points at the offending contract.

Only coord_send and coord_send_gated carry A2ML envelopes — other
coord_* tools are RPC-shaped and skip validation. Expansion to more
tools tracked as a roadmap item.

If \`nickel\` is missing on PATH, validation is skipped with a
warning so coord stays usable in environments without Nickel.
Set COORD_REQUIRE_NICKEL=1 to fail closed.

4 smoke tests in nickel-validator.test.js: path resolution,
tier-0 accept, tier-2-missing-context reject, urgent_direct from
supervised reject.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: hyperpolymath

mcp-bridge/lib/nickel-validator.js

@@ -0,0 +1,180 @@
+// SPDX-License-Identifier: PMPL-1.0-or-later
+// Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) <j.d.a.jewell@open.ac.uk>
+//
+// Nickel envelope validator — runtime check for coord_send / coord_send_gated
+// envelope bodies (Task #17).
+//
+// Before the mcp-bridge forwards a coord_send(_gated) call to the Zig
+// adapter, the incoming `message` payload is parsed (if JSON) and run
+// through `contracts.validate` from coord-messages-contracts.ncl via
+// a `nickel eval` subprocess. Invalid envelopes are rejected with a
+// descriptive MCP error — they never reach the loopback adapter.
+//
+// Design notes:
+//
+//   * The Nickel CLI is invoked per-call. No long-running Nickel process
+//     today; the contract file is small and Nickel eval is sub-10ms on
+//     typical envelopes. If this becomes a bottleneck, a follow-up task
+//     can batch / cache.
+//
+//   * The contracts *path* is resolved once at bridge startup
+//     (`contractsPath()`), so we don't pay disk lookup on every call.
+//
+//   * If the `nickel` binary is not on PATH, validation is skipped with
+//     a single warning — this keeps coord usable in environments where
+//     Nickel isn't installed (contracts still run via the Zig adapter's
+//     own gating). To fail closed instead of open, set
+//     COORD_REQUIRE_NICKEL=1.
+//
+//   * Only coord_send and coord_send_gated carry envelope bodies; other
+//     coord_* tools are RPC-shaped and skip validation. Extension to
+//     more tools is tracked in Appendix K of COORD-MCP-DESIGN-LOG.
+
+import { spawnSync } from "node:child_process";
+import { existsSync } from "node:fs";
+import { fileURLToPath } from "node:url";
+import { dirname, resolve } from "node:path";
+import { writeFileSync, unlinkSync } from "node:fs";
+import { info, warn } from "./logger.js";
+
+const CONTRACTS_REL = "../../cartridges/local-coord-mcp/schemas/coord-messages-contracts.ncl";
+
+let cachedContractsPath = null;
+let nickelAvailable = null; // null = not yet probed, true = on PATH, false = missing
+
+/**
+ * Resolve the absolute contracts path once and cache it. Returns null
+ * if the file isn't found (caller treats as "no validation configured").
+ */
+export function contractsPath() {
+  if (cachedContractsPath !== null) return cachedContractsPath;
+
+  // main.js lives at mcp-bridge/main.js — lib/ is one below.
+  const here = dirname(fileURLToPath(import.meta.url));
+  const candidate = resolve(here, CONTRACTS_REL);
+  cachedContractsPath = existsSync(candidate) ? candidate : null;
+  return cachedContractsPath;
+}
+
+/** Probe whether `nickel` is on PATH. Cached. */
+function probeNickel() {
+  if (nickelAvailable !== null) return nickelAvailable;
+  const r = spawnSync("nickel", ["--version"], { stdio: "ignore" });
+  nickelAvailable = r.status === 0;
+  if (!nickelAvailable) {
+    const strict = process.env.COORD_REQUIRE_NICKEL === "1";
+    if (strict) {
+      throw new Error("COORD_REQUIRE_NICKEL=1 but `nickel` not on PATH");
+    }
+    warn("Nickel binary not found — coord envelope validation disabled");
+  }
+  return nickelAvailable;
+}
+
+/**
+ * Serialise a JS value into a Nickel literal that `nickel eval` can
+ * parse. Covers the subset needed for coord envelopes: null, bool,
+ * number (int/float), string, array, plain object. Other shapes are
+ * serialised as their JSON form, which Nickel parses as records.
+ */
+function toNickel(v) {
+  if (v === null || v === undefined) return "null";
+  if (typeof v === "boolean") return v ? "true" : "false";
+  if (typeof v === "number") {
+    // Nickel accepts "1" and "1.5" literals directly.
+    return Number.isFinite(v) ? String(v) : "null";
+  }
+  if (typeof v === "string") {
+    // Use Nickel's multiline-string safe form via JSON.stringify —
+    // Nickel string literal syntax is a superset of JSON's for basic
+    // double-quoted strings (no unicode \u escapes unusual to Nickel).
+    return JSON.stringify(v);
+  }
+  if (Array.isArray(v)) {
+    return `[${v.map(toNickel).join(",")}]`;
+  }
+  if (typeof v === "object") {
+    const entries = Object.entries(v)
+      .filter(([, val]) => val !== undefined)
+      .map(([k, val]) => `"${k}" = ${toNickel(val)}`);
+    return `{${entries.join(",")}}`;
+  }
+  // Fallback: unknown type — stringify to JSON so Nickel at least
+  // parses it as a string.
+  return JSON.stringify(String(v));
+}
+
+/**
+ * Run contracts.validate on `envelope`. Returns {ok: true} if valid,
+ * or {ok: false, error: string} if Nickel rejects the envelope.
+ *
+ * If Nickel isn't available (and COORD_REQUIRE_NICKEL != 1), returns
+ * {ok: true, skipped: true}.
+ */
+export function validateEnvelope(envelope, senderRole) {
+  if (!probeNickel()) return { ok: true, skipped: true };
+  const path = contractsPath();
+  if (!path) return { ok: true, skipped: true };
+
+  // Attach sender_role into _meta so role-dependent contracts
+  // (TierAttestationGate / UrgentDirectRestriction) can evaluate.
+  const withMeta = { ...envelope };
+  if (senderRole) {
+    withMeta._meta = { ...(withMeta._meta || {}), sender_role: senderRole };
+  }
+
+  // Write the call-site script to a temp file in the same dir as the
+  // contracts so its relative `import` resolves.
+  const tmp = resolve(dirname(path), `._validate_${process.pid}_${Date.now()}.ncl`);
+  const script =
+    `let c = import "${path.split("/").pop()}" in\n` +
+    `let e = ${toNickel(withMeta)} in\n` +
+    `c.validate e\n`;
+
+  try {
+    writeFileSync(tmp, script);
+    const r = spawnSync("nickel", ["eval", tmp], {
+      cwd: dirname(path),
+      encoding: "utf8",
+    });
+    if (r.status === 0) return { ok: true };
+    // Nickel writes the violation to stderr; fall back to stdout.
+    const err = (r.stderr || r.stdout || "").trim();
+    // Squash to the most informative line.
+    const firstLine = err.split("\n").find((l) => l.includes("error:")) || err.split("\n")[0] || "validation failed";
+    return { ok: false, error: firstLine };
+  } catch (e) {
+    return { ok: false, error: `nickel invocation failed: ${e.message}` };
+  } finally {
+    try { unlinkSync(tmp); } catch { /* best-effort cleanup */ }
+  }
+}
+
+/**
+ * Best-effort parse of the coord_send message body — coord envelopes
+ * are typically JSON-stringified A2ML envelopes. Returns the parsed
+ * object or null if the body isn't JSON-shaped.
+ */
+export function tryParseEnvelope(msg) {
+  if (typeof msg !== "string") return msg && typeof msg === "object" ? msg : null;
+  const s = msg.trim();
+  if (!s.startsWith("{")) return null; // plain text payload — caller skips validation
+  try {
+    return JSON.parse(s);
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Initialise validator state at bridge startup. Idempotent.
+ * Logs an info line with the resolved state.
+ */
+export function initValidator() {
+  const path = contractsPath();
+  const ready = probeNickel();
+  info("Nickel validator", {
+    nickel: ready ? "available" : "missing",
+    contracts: path ? "loaded" : "not_found",
+  });
+}

mcp-bridge/lib/nickel-validator.test.js

@@ -0,0 +1,98 @@
+// SPDX-License-Identifier: PMPL-1.0-or-later
+// Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) <j.d.a.jewell@open.ac.uk>
+//
+// Smoke test for the Nickel envelope validator (Task #17).
+// Run: node mcp-bridge/lib/nickel-validator.test.js
+//
+// Verifies:
+//   1. contractsPath() resolves to the real file.
+//   2. A valid envelope passes.
+//   3. A tier-2 envelope without context_fetch_id is rejected.
+//   4. urgent_direct from a supervised peer is rejected.
+
+import { strict as assert } from "node:assert";
+import { contractsPath, validateEnvelope, initValidator } from "./nickel-validator.js";
+
+let passed = 0;
+let failed = 0;
+
+function t(name, fn) {
+  try {
+    fn();
+    console.log(`  PASS: ${name}`);
+    passed++;
+  } catch (e) {
+    console.error(`  FAIL: ${name}\n    ${e.message}`);
+    failed++;
+  }
+}
+
+console.log("=== Nickel validator smoke tests ===");
+
+initValidator();
+
+t("contractsPath resolves", () => {
+  const p = contractsPath();
+  assert.ok(p, "expected a resolved path, got null");
+  assert.ok(p.endsWith("coord-messages-contracts.ncl"), `unexpected path: ${p}`);
+});
+
+t("tier 0 status envelope passes", () => {
+  const env = {
+    version: 1,
+    msg_id: "abcdef012345",
+    prev_msg_hash: "0".repeat(64),
+    sender: "claude-7f3a",
+    recipient: "gemini-b2c1",
+    timestamp: "2026-04-20T10:00:00Z",
+    op_kind: "status",
+    risk_tier: 0,
+    payload: { status: "ok" },
+  };
+  const r = validateEnvelope(env, null);
+  assert.ok(r.ok, `expected ok, got error: ${r.error}`);
+});
+
+t("tier 2 without context_fetch_id is rejected", () => {
+  const env = {
+    version: 1,
+    msg_id: "abcdef012346",
+    prev_msg_hash: "0".repeat(64),
+    sender: "claude-7f3a",
+    recipient: "*",
+    timestamp: "2026-04-20T10:00:00Z",
+    op_kind: "claim",
+    risk_tier: 2,
+    payload: { task: "x" },
+  };
+  const r = validateEnvelope(env, null);
+  if (r.skipped) {
+    console.log("    (skipped: nickel not on PATH)");
+    return;
+  }
+  assert.ok(!r.ok, "expected rejection, got ok");
+});
+
+t("urgent_direct from supervised is rejected", () => {
+  const env = {
+    version: 1,
+    msg_id: "abcdef012347",
+    prev_msg_hash: "0".repeat(64),
+    sender: "gemini-b2c1",
+    recipient: "claude-7f3a",
+    timestamp: "2026-04-20T10:00:00Z",
+    op_kind: "clarify",
+    risk_tier: 0,
+    payload: { question: "hey" },
+    urgent_direct: true,
+  };
+  const r = validateEnvelope(env, "supervised");
+  if (r.skipped) {
+    console.log("    (skipped: nickel not on PATH)");
+    return;
+  }
+  assert.ok(!r.ok, "expected rejection, got ok");
+});
+
+console.log(`\n=== ${passed} passed, ${failed} failed ===`);
+process.exit(failed === 0 ? 0 : 1);

mcp-bridge/main.js

@@ -30,6 +30,11 @@ import {
   invokeCartridge,
 } from "./lib/api-clients.js";
 import { buildToolList } from "./lib/tools.js";
+import {
+  initValidator,
+  tryParseEnvelope,
+  validateEnvelope,
+} from "./lib/nickel-validator.js";
 import { info, warn, error as logError } from "./lib/logger.js";
 
 const BOJ_BASE = process.env.BOJ_URL || "http://localhost:7700";
@@ -257,7 +262,34 @@ async function dispatchTool(toolName, args) {
 
 const LOCAL_COORD_URL = process.env.COORD_BACKEND_URL || "http://127.0.0.1:7745";
 
+// Nickel contracts run on coord_send / coord_send_gated only — those
+// are the two tools whose `message` argument carries an A2ML envelope.
+// Other coord_* calls are RPC-shaped (register/list/review/approve/...)
+// and bypass contract validation. Expansion to more tools is a roadmap
+// item — see Appendix K of COORD-MCP-DESIGN-LOG.md (Task #17 extension).
+const ENVELOPE_CARRYING_TOOLS = new Set(["coord_send", "coord_send_gated"]);
+
+initValidator();
+
 async function dispatchLocalCoord(toolName, args) {
+  // Runtime envelope validation (Task #17) — BEFORE the HTTP forward.
+  if (ENVELOPE_CARRYING_TOOLS.has(toolName) && args && typeof args.message === "string") {
+    const env = tryParseEnvelope(args.message);
+    if (env && typeof env === "object") {
+      const senderRole = env._meta?.sender_role || args.sender_role;
+      const result = validateEnvelope(env, senderRole);
+      if (!result.ok) {
+        return {
+          success: false,
+          error: `envelope validation failed: ${result.error}`,
+          hint: "See cartridges/local-coord-mcp/schemas/coord-messages-contracts.ncl for the active contracts",
+        };
+      }
+    }
+    // Plain-string messages (non-JSON) skip validation — they're not
+    // A2ML envelopes. The Zig adapter still enforces shape + gating.
+  }
+
   try {
     const res = await fetch(`${LOCAL_COORD_URL}/tools/${toolName}`, {
       method: "POST",