Merged
11 changes: 11 additions & 0 deletions CHANGELOG.md
Expand Up @@ -35,11 +35,22 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
- ACP session modes support: `set_session_mode` method (ask/architect/code), `current_mode_update` notification emission on mode switch, and `availableModes` field in `new_session`/`load_session` responses (#920)
- ACP: `ext_notification` handler logs method name and returns `Ok(())` instead of `method_not_found` (#930)
- ACP: MCP bridge now supports HTTP and SSE server transports — both are mapped to `McpTransport::Http` since rmcp's `StreamableHttpClientTransport` handles both; previously HTTP and SSE servers were silently skipped (#930)
- ACP `AgentCapabilities` now advertises `session_capabilities` with list/fork/resume support (G3) (#922)
- ACP tool call lifecycle: `loopback_event_to_updates` emits `InProgress` then `Completed` `ToolCall` updates per turn (G5) (#922)
- ACP terminal command timeout with `kill_terminal_command` on expiry; configurable via `AcpServerConfig.terminal_timeout_secs` (default 120s) (G6) (#922)
- ACP `ToolCallContent::Terminal` emitted for bash tool calls routed through IDE terminal (G7) (#922)
- ACP `UserMessageChunk` echo notification after user prompt is sent to agent (G10) (#922)
- ACP `list_sessions` implementation (unstable, behind `unstable_session_list` feature) (G12) (#922)
- ACP `fork_session` implementation — copies event history from source session; enforces `max_sessions` with LRU eviction (unstable, behind `unstable_session_fork` feature) (G13) (#922)
- ACP `resume_session` implementation — restores session from SQLite without event replay; enforces `max_sessions` with LRU eviction (unstable, behind `unstable_session_resume` feature) (G14) (#922)

### Changed
- `ToolDef.id` and `ToolDef.description` changed from `&'static str` to `Cow<'static, str>` to support dynamic MCP tool names without memory leaks
- `AgentCapabilities` in `initialize()` now advertises `PromptCapabilities` with `image=true` and `embedded_context=true`, reflecting actual Image and Resource content block support (#917)
- ACP: `AgentCapabilities` in `initialize` response now advertises `config_options` and `ext_methods` support via meta fields (#930)
- ACP unsupported content blocks (`Audio`, `ResourceLink`) now log structured `warn!` with block type/URI instead of silent drop (G9) (#922)
- `ToolOutput` struct gained `terminal_id: Option<String>` field; all call sites updated with `None` (#922)
- `LoopbackEvent::ToolOutput` gained `terminal_id: Option<String>` field (#922)

### Security
- `AcpConfig` now uses custom `impl std::fmt::Debug` that redacts `auth_token` as `[REDACTED]`, consistent with `A2aServerConfig` and `TelegramConfig` (#936)
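Review bot: The `list_sessions`, `fork_session` and `resume_session` entries name the gating features as `unstable_session_list`, `unstable_session_fork` and `unstable_session_resume`, but those are the `agent-client-protocol` feature names. The features a zeph-acp user would toggle are spelled `unstable-session-list`, `unstable-session-fork` and `unstable-session-resume` in crates/zeph-acp/Cargo.toml, and that file now lists all three in `default`. Suggest using the crate's own feature names here and stating that they are enabled by default, so "behind ... feature" does not read as opt-in. Separately, the two `terminal_id: Option<String>` entries under Changed add a field to `ToolOutput` and `LoopbackEvent::ToolOutput`; if either type is public, mark those entries as breaking for code that constructs or destructures them.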
2 changes: 1 addition & 1 deletion Cargo.toml
Expand Up @@ -16,7 +16,7 @@ categories = ["command-line-utilities", "science"]

[workspace.dependencies]
age = { version = "0.11.2", default-features = false }
agent-client-protocol = "0.9"
agent-client-protocol = { version = "0.9", features = ["unstable_session_list", "unstable_session_fork", "unstable_session_resume"] }
anyhow = "1.0"
async-stream = "0.3"
async-trait = "0.1"
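Review bot: Setting `features = [...]` on `agent-client-protocol` under `[workspace.dependencies]` turns the three unstable features on for every member that inherits this dependency, because features listed at the workspace level are added to whatever a member requests. That leaves the `unstable-session-*` features in crates/zeph-acp/Cargo.toml unable to switch the upstream features off. Suggest keeping the workspace entry as `agent-client-protocol = "0.9"` and letting zeph-acp's own features forward `agent-client-protocol/unstable_session_list` and the other two, or add a comment here saying the gating is intentionally nominal. Also consider a tighter version requirement than `"0.9"` while depending on APIs the upstream crate labels unstable.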
16 changes: 15 additions & 1 deletion README.md
Expand Up @@ -67,7 +67,7 @@ zeph --tui # run with TUI dashboard
| **Skills-first architecture** | YAML+Markdown skill files with semantic matching, self-learning evolution, 4-tier trust model, and compact prompt mode for small-context models |
| **Semantic memory** | SQLite + Qdrant (or embedded SQLite vector search) with MMR re-ranking, temporal decay scoring, resilient compaction (reactive retry, middle-out tool response removal, 9-section structured prompt, LLM-free fallback), durable compaction with message visibility control, tool-pair summarization (LLM-based, configurable cutoff), credential scrubbing, cross-session recall, vector retrieval, autosave assistant responses, snapshot export/import, configurable SQLite pool, background response-cache cleanup, and native `memory_search`/`memory_save` tools the model can invoke explicitly |
| **Multi-channel I/O** | CLI, Telegram, Discord, Slack, TUI — all with streaming. Vision and speech-to-text input |
| **Protocols** | MCP client (stdio + HTTP), A2A agent-to-agent communication, ACP server for IDE integration (stdio + HTTP+SSE + WebSocket, multi-session with LRU eviction, persistence, idle reaper, permission persistence, multi-modal prompts, runtime model switching, session modes (ask/architect/code), MCP server management via `ext_method`, session export/import), sub-agent orchestration. MCP tools exposed as native `ToolDefinition`s — used via structured tool_use with Claude and OpenAI |
| **Protocols** | MCP client (stdio + HTTP), A2A agent-to-agent communication, ACP server for IDE integration (stdio + HTTP+SSE + WebSocket, multi-session with LRU eviction, persistence, idle reaper, permission persistence, multi-modal prompts, runtime model switching, session modes (ask/architect/code), MCP server management via `ext_method`, session export/import, tool call lifecycle notifications, terminal command timeout with kill support, `UserMessageChunk` echo, `ext_notification` passthrough, `list`/`fork`/`resume` sessions behind unstable flags), sub-agent orchestration. MCP tools exposed as native `ToolDefinition`s — used via structured tool_use with Claude and OpenAI |
| **Defense-in-depth** | Shell sandbox (blocklist + confirmation patterns for process substitution, here-strings, eval), tool permissions, secret redaction, SSRF protection (HTTPS-only, DNS validation, address pinning, redirect chain re-validation), skill trust quarantine, audit logging. Secrets held in memory as `Zeroizing<String>` — wiped on drop |
| **TUI dashboard** | ratatui-based with syntax highlighting, live metrics, file picker, command palette, daemon mode |
| **Single binary** | ~15 MB, no runtime dependencies, ~50ms startup, ~20 MB idle memory |
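Review bot: The Protocols row now carries a long run of comma-separated items inside one parenthetical, and the items added here (tool call lifecycle notifications, terminal command timeout, `UserMessageChunk` echo, `ext_notification` passthrough, `list`/`fork`/`resume`) are repeated in the "ACP capabilities" list added further down in this file. Suggest keeping the table cell to the transports plus a short summary and pointing to that list for the rest, so the two descriptions do not drift apart.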
Expand All @@ -84,6 +84,20 @@ zeph acp --http :8080 # HTTP+SSE (shared/remote)
zeph acp --ws :8080 # WebSocket
```

**ACP capabilities:**

- Session modes: `ask`, `code`, `architect` — switch at runtime via `set_session_mode`; editors receive `current_mode_update` notifications
- Tool call lifecycle: `InProgress` → `Completed` updates with `ToolCallContent::Terminal` for shell calls
- Terminal command timeout (default 120 s, configurable via `terminal_timeout_secs`) with `kill_terminal_command` support
- `UserMessageChunk` echo notification after each user prompt
- `ext_notification` passthrough to running sessions
- `AgentCapabilities` advertises `session_capabilities`: `list`, `fork`, `resume`
- MCP HTTP transport support in the MCP bridge
- Unsupported content blocks (Audio, ResourceLink) produce structured log warnings instead of silent drops

> [!NOTE]
> `list_sessions`, `fork_session`, and `resume_session` are gated behind the `unstable` feature flag.

### WebSocket transport hardening

The WebSocket transport is hardened against a range of protocol and concurrency issues:
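Review bot: The `[!NOTE]` says the three session methods are gated behind "the `unstable` feature flag", but no feature of that name appears in this change. crates/zeph-acp/Cargo.toml uses the names `unstable-session-list`, `unstable-session-fork` and `unstable-session-resume` and lists all three in `default`. Suggest naming the three features in the note and stating that they are on by default. Two smaller points in the list: the MCP bridge bullet mentions only HTTP while the CHANGELOG entry for #930 covers HTTP and SSE, and the mode order `ask`, `code`, `architect` differs from the `ask/architect/code` order used in the Protocols row and the CHANGELOG.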
1 change: 1 addition & 0 deletions crates/zeph-acp/Cargo.toml
Expand Up @@ -13,6 +13,7 @@ description = "ACP (Agent Client Protocol) server for IDE embedding"
readme = "README.md"

[features]
default = ["unstable-session-list", "unstable-session-fork", "unstable-session-resume"]
acp-http = ["dep:axum", "dep:dashmap", "dep:async-stream", "dep:tower-http", "dep:subtle", "dep:tower"]
unstable-session-list = ["agent-client-protocol/unstable_session_list"]
unstable-session-fork = ["agent-client-protocol/unstable_session_fork"]
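Review bot: Adding all three `unstable-session-*` features to `default` means any crate that depends on zeph-acp without `default-features = false` compiles the unstable session API in, so the feature gate no longer acts as an opt-in. If default-on is intended for the shipped binary, suggest leaving `default` empty here and enabling the features from the crate that builds the binary, or add a comment on this line explaining the choice. The README note and CHANGELOG entries that describe these methods as "behind" a feature should match whichever way this goes.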