feat: plumb task-configured MCP servers through ACP session/new

[bingran-you]

Summary

task.toml [[environment.mcp_servers]] was parsed into SandboxConfig.mcp_servers but never reached the agent: both ACP session entry points hardcoded an empty MCP list (mcp_servers=[]), and the vendored McpServerSpec was never constructed anywhere. So a task could not attach any MCP server (e.g. a Playwright MCP) to the agent.

This PR wires the full path task config → ACP session/new so task-declared MCP servers are attached to the agent's session.

task.toml [[environment.mcp_servers]]
  → SandboxConfig.mcp_servers (MCPServerConfig)
  → rollout._task_mcp_specs()            # MCPServerConfig → McpServerSpec
  → connect_acp(mcp_servers=...)
  → ACPClient.session_new / session_load # → session/new "mcpServers" on the wire

Changes

• acp/types.py — McpServerSpec becomes wire-correct: adds name (required — every ACP variant carries it) and headers, plus to_new_session_param() which projects the flat spec onto the SDK's discriminated per-transport union (stdio omits type and carries command/args/env; sse/http carry url/headers and keep type).
• rollout.py — _task_mcp_specs() owns the MCPServerConfig → McpServerSpec translation (including the streamable-http → http naming bridge) at the composition root, so acp/ keeps zero dependency on the task-config layer. Threaded into both connect_acp call sites (connect() and connect_as()).
• acp/client.py / acp/runtime.py — session_new, session_load, and connect_acp accept the spec list. None → empty list, preserving the historical benchmark default.
• tests/test_acp_mcp_servers.py — covers the per-transport wire projection, the _task_mcp_specs mapping (all three transports + absent config), the session_new/session_load wire output, and the rollout threading into connect_acp.

Design notes

• Why McpServerSpec (not raw dicts or MCPServerConfig passed down): it's the ACP-layer DTO that decouples the protocol layer from both the task-config shape and the SDK's split McpServerStdio/SseMcpServer/HttpMcpServer union. Passing typed specs through connect_acp/session_new keeps those signatures honest; doing the translation in the rollout keeps acp/ free of any benchflow.task import.
• session_new uses NewSessionParams.model_validate(...) so the SDK's discriminated union validates each per-transport dict (the constructor's static type rejects a list[dict]).

Scope / limitations

• Framework-only change. No task bundles touched.
• stdio servers get env: [] (MCPServerConfig has no env field) — fine for Playwright; a stdio MCP needing secrets would require adding an env field to MCPServerConfig (follow-up).
• Unblocks Playwright-MCP ("V3") variants of research tasks. Note: whether a given agent runtime honors session/new mcpServers vs only its own config still needs a smoke test before relying on it end-to-end.

Testing

• uv run --extra dev python -m pytest tests/ — full suite green
• uv run ty check src/ — clean
• uv run ruff check . — clean

---

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 3 additional findings.