Product
Introducing Repository Access Permissions and Custom Roles
Socket now supports Custom Roles and Repository Access Permissions so organizations can control who can access specific repositories and actions.
By Joe Werle - Jun 19, 2026
🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more →
@mastra/acp
Advanced tools
Package version was removed
This package version has been unpublished, mostly likely due to security reasons
This package has malicious versions linked to the ongoing "Mastra AI framework compromise" supply chain attack.
Affected versions:
@mastra/acp
@mastra/acp connects Mastra to coding agents that implement the Agent Client Protocol (ACP). Use it to run an ACP-compatible agent from a Mastra tool or as a Mastra sub-agent.
Installation
npm install @mastra/acp
Overview
The package exports:
createACPTool: Creates a Mastra tool that sends a task to an ACP agent and returns the completed output.AcpAgent: Wraps an ACP agent as a Mastra sub-agent withgenerate()andstream()support.
Use createACPTool when the ACP agent should be callable as a tool. Use AcpAgent when the ACP agent should participate in Mastra agent delegation.
Create an ACP tool
The following example creates a tool that starts an ACP-compatible agent process and sends the provided task to it.
import { Agent } from '@mastra/core/agent';
import { createACPTool } from '@mastra/acp';
const codeAgentTool = createACPTool({
id: 'code-agent',
description: 'Use an ACP-compatible coding agent to make code changes',
command: 'acp-agent',
args: ['--stdio'],
cwd: process.cwd(),
});
export const agent = new Agent({
name: 'supervisor',
instructions: 'Use the code-agent tool when a task requires editing code.',
model,
tools: {
codeAgentTool,
},
});
The tool accepts a task string and returns an output string.
const result = await codeAgentTool.execute({
context: {
task: 'Update the README with setup instructions.',
},
});
console.log(result.output);
Use an ACP agent as a sub-agent
AcpAgent implements Mastra's SubAgent interface. Add it to another agent's agents configuration to let the supervisor delegate work to the ACP agent.
import { Agent } from '@mastra/core/agent';
import { AcpAgent } from '@mastra/acp';
const codeAgent = new AcpAgent({
id: 'code-agent',
name: 'Code agent',
description: 'An ACP-compatible coding agent that can inspect and edit files',
command: 'acp-agent',
args: ['--stdio'],
cwd: process.cwd(),
});
export const supervisor = new Agent({
name: 'supervisor',
instructions: 'Delegate code editing tasks to the code-agent sub-agent.',
model,
agents: {
codeAgent,
},
});
AcpAgent.generate() buffers the ACP response and returns it as text. AcpAgent.stream() emits Mastra text-delta chunks as ACP agent_message_chunk updates arrive.
Configure permissions
ACP agents may request permission before running actions. By default, @mastra/acp selects the first permission option. Pass onPermissionRequest to handle permission requests yourself.
import { createACPTool } from '@mastra/acp';
const codeAgentTool = createACPTool({
id: 'code-agent',
description: 'Use an ACP-compatible coding agent',
command: 'acp-agent',
args: ['--stdio'],
async onPermissionRequest(request) {
const option = request.options.find(option => option.name === 'Allow');
if (!option) {
return { outcome: { outcome: 'cancelled' } };
}
return {
outcome: {
outcome: 'selected',
optionId: option.optionId,
},
};
},
});
Session and workspace behavior
createACPTool and AcpAgent start the configured command on first use and create an ACP session. Sessions persist across calls by default. Set persistSession: false to stop the ACP process after each prompt.
const codeAgent = new AcpAgent({
id: 'code-agent',
description: 'Run one isolated ACP task',
command: 'acp-agent',
args: ['--stdio'],
cwd: process.cwd(),
persistSession: false,
});
By default, the ACP workspace uses cwd as its filesystem root. Pass a Mastra Workspace with a custom filesystem when you need explicit workspace control.
Configuration
createACPTool and AcpAgent accept the same ACP connection options.
| Option | Type | Description |
|---|---|---|
id | string | Unique tool or sub-agent identifier. |
description | string | Description shown to the model when it can call the tool or delegate to the sub-agent. |
command | string | ACP agent executable to spawn. |
args | string[] | Arguments passed to the ACP agent executable. |
env | Record<string, string> | Environment variables to merge with the current process environment. |
cwd | string | Working directory for the ACP process and default workspace. |
session | Partial<NewSessionRequest> | ACP session creation options. |
initialize | Partial<InitializeRequest> | ACP initialization options. |
authMethodId | string | ACP authentication method ID to invoke after initialization. |
persistSession | boolean | Keep the ACP process alive after execution. Defaults to true. |
onPermissionRequest | (request) => Promise<Response> | Callback for ACP permission requests. |
workspace | Workspace | Workspace used for ACP file reads and writes. |
model | string | Model ID to select after session creation via the ACP session/set_model method. |
AcpAgent also accepts name to set the display name used by Mastra agent delegation.
Configure the model
ACP agents may expose selectable models. Instead of setting an environment variable like ANTHROPIC_MODEL, you can pass a model ID directly in the configuration.
Discover available models
Call getAvailableModels() to see which models the ACP agent supports. This starts the agent process and returns the model list from the session:
import { AcpAgent } from '@mastra/acp';
const codeAgent = new AcpAgent({
id: 'code-agent',
description: 'An ACP-compatible coding agent',
command: 'claude',
args: ['--acp'],
});
const models = await codeAgent.getAvailableModels();
// [{ modelId: 'claude-sonnet-4-20250514', name: 'Claude Sonnet' }, ...]
Set the model
Pass the model option to select a model at connection time:
import { AcpAgent } from '@mastra/acp';
const codeAgent = new AcpAgent({
id: 'code-agent',
description: 'An ACP-compatible coding agent',
command: 'claude',
args: ['--acp'],
model: 'claude-sonnet-4-20250514',
});
You can also change the model at runtime with setModel():
await codeAgent.setModel('claude-sonnet-4-20250514');
If the ACP agent advertises available models and your model ID doesn't match any of them, Mastra throws an error listing the valid options:
Model "bad-model-id" is not available. Available models: claude-sonnet-4-20250514, claude-haiku-4-20250514
If the agent doesn't advertise a model list, the value is passed through without validation.
FAQs
ACP package for Mastra
The npm package @mastra/acp receives a total of 2,079 weekly downloads. As such, @mastra/acp popularity was classified as popular.
We found that @mastra/acp demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Package last updated on 17 Jun 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket MCP Adds Org Alerts, Threat Feed Review, and Package Inspection
Socket MCP now lets AI assistants review org alerts, investigate threats using the Socket threat feed, and inspect package files in addition to dependency scoring.
By John Tuckner - Jun 18, 2026
Product
Socket Firewall Now Blocks Malicious VS Code and Open VSX Extensions
Socket Firewall blocks malicious VS Code and Open VSX extensions before install, protecting developers from compromised editor marketplaces.
By John Tuckner - Jun 17, 2026