@agfpd/totp-presence-mcp 0.2.0 → 0.2.1

package/README.md

@@ -11,7 +11,7 @@ owner-presence gate against prompt injection.
 ## Modes
 
 - **SOFT (default, zero-sudo, one command):** MCP tools
-  (`totp_verify` / `totp_check_session` / `totp_status`) the agent calls itself,
+  (`totp_verify` / `totp_check_session`) the agent calls itself,
   plus a tiny conditional SessionStart directive. Advisory — cannot DENY a tool
   call; `tamper_resistant: false`.
 - **HARD (opt-in, two honest actions — one sudo, one phone pairing):** a
@@ -31,7 +31,10 @@ codex plugin add totp-presence@agfpd
 
 The source repo is **private** (`agfpd` org), so installing requires read access
 to the org (git/gh authenticated) — the same access model as every other agfpd
-plugin.
+plugin. The MCP server is published separately on npm as
+[`@agfpd/totp-presence-mcp`](https://www.npmjs.com/package/@agfpd/totp-presence-mcp)
+and `.mcp.json` launches it via `npx`, so **Node ≥18 must be on `PATH`** (npx
+fetches and runs it on first session start).
 
 Restart the session afterward — `hooks.json` / `.mcp.json` are not hot-reload.
 SOFT (advisory MCP) is live immediately. For HARD: `/totp-presence:setup` (one

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@agfpd/totp-presence-mcp",
-  "version": "0.2.0",
-  "description": "MCP server for the totp-presence identity-gate plugin (Claude Code + Codex CLI). Three tools — totp_verify / totp_check_session / totp_status — wrap the root-owned /etc/totp-presence/verify so an agent can prove the physical owner is present before risky actions. The server runs as the user, never reads the seed; all verification happens under sudo in the audited root verifier.",
+  "version": "0.2.1",
+  "description": "MCP server for the totp-presence identity-gate plugin (Claude Code + Codex CLI). Two tools — totp_verify / totp_check_session — wrap the root-owned /etc/totp-presence/verify so an agent can prove the physical owner is present before risky actions. The server runs as the user, never reads the seed; all verification happens under sudo in the audited root verifier.",
   "license": "Apache-2.0",
   "author": {
     "name": "agfpd",

package/src/server.mjs

@@ -6,7 +6,6 @@
  * code and inspect presence sessions without a hook:
  *   totp_verify(code, integration)    open/renew a presence session
  *   totp_check_session(integration)   inspect an integration's session state
- *   totp_status()                     core install state + honest capability matrix
  *
  * The previous build hand-rolled the JSON-RPC stdio transport on the Python
  * stdlib. This rewrite delegates the wire protocol (initialize handshake,
@@ -38,7 +37,6 @@ import {
   ToolError,
   totpVerify,
   totpCheckSession,
-  totpStatus,
 } from './totp.mjs';
 
 const here = dirname(fileURLToPath(import.meta.url));
@@ -95,21 +93,6 @@ export const TOOLS = [
       additionalProperties: false,
     },
   },
-  {
-    name: 'totp_status',
-    description:
-      'Report core install state and the honest capability matrix.\n\n' +
-      'Returns core_installed, mode (soft|hard), tamper_resistant (false|true), ' +
-      "and each integration's session state for the invoking user. " +
-      "mode/tamper_resistant never over-assure: 'soft' means advisory-only " +
-      "(cannot DENY a tool call); 'hard' requires the root-owned guard to be " +
-      "installed. Note: 'hard' here means the guard is present — the PreToolUse " +
-      'hook must also be registered and the session restarted for enforcement to ' +
-      'be live. On Codex, PreToolUse covers Bash + apply_patch + mcp__ only (not ' +
-      'every tool — openai/codex#20204), and headless `codex exec` does not fire ' +
-      'the hook at all (Phase 0).',
-    inputSchema: { type: 'object', properties: {}, additionalProperties: false },
-  },
 ];
 
 /**
@@ -133,8 +116,6 @@ export function createServer({ version, runVerify } = {}) {
         value = totpVerify(args.code, args.integration, { runVerify });
       } else if (name === 'totp_check_session') {
         value = totpCheckSession(args.integration);
-      } else if (name === 'totp_status') {
-        value = totpStatus();
       } else {
         // Tool-not-found is an exceptional condition, not a tool execution error
         // → protocol error (-32602), matching the audited Python build.

package/src/totp.mjs

@@ -18,7 +18,7 @@
  */
 
 import { spawnSync } from 'node:child_process';
-import { statSync, readFileSync, readdirSync } from 'node:fs';
+import { statSync, readFileSync } from 'node:fs';
 import { userInfo } from 'node:os';
 
 // --------------------------------------------------------------------------
@@ -32,7 +32,7 @@ export const RUNTIME_BASE = '/var/run/totp-presence';
 
 // Root-owned PreToolUse guard scripts. Their presence is the server's best proxy
 // for "HARD enforcement is installed" (the hook must also be registered and the
-// session restarted — see the note in totpStatus).
+// session restarted before HARD actually fires — see detectCapability).
 export const ROOT_GUARDS = [`${INSTALL_DIR}/claude-code-guard.sh`, `${INSTALL_DIR}/guard.sh`];
 
 export const DEFAULT_WINDOW_SECONDS = 1500;
@@ -69,14 +69,6 @@ function isFile(p) {
   }
 }
 
-function isDir(p) {
-  try {
-    return statSync(p).isDirectory();
-  } catch {
-    return false;
-  }
-}
-
 /**
  * Resolve the human user this server should scope sessions to.
  *
@@ -175,8 +167,7 @@ function requireCore() {
   if (!coreInstalled()) {
     throw new ToolError(
       'totp-presence core is not installed on this host. Run: ' +
-        '/totp-presence:setup (one guided sudo). Use totp_status to check ' +
-        'installation state.',
+        '/totp-presence:setup (one guided sudo).',
     );
   }
 }
@@ -195,7 +186,7 @@ function resolveIntegration(name) {
   if (!isFile(config)) {
     throw new ToolError(
       `Integration ${JSON.stringify(name)} is not installed — ${config} does not exist. ` +
-        'Use totp_status to see which integrations are available.',
+        'Run /totp-presence:setup to enroll an integration.',
     );
   }
   return { name, user, sessionFile: sessionFileFor(name, user), config };
@@ -287,7 +278,7 @@ export function totpVerify(code, integration, { runVerify = defaultRunVerify } =
   throw new ToolError(
     (r.stderr || '').trim() ||
       (r.stdout || '').trim() ||
-      `Verify exited with code ${rc}. Use totp_status to check the install.`,
+      `Verify exited with code ${rc}. Check the totp-presence install (e.g. core/setup.sh status).`,
   );
 }
 
@@ -331,48 +322,3 @@ export function totpCheckSession(integration) {
     expires_in_seconds: ts + window - now,
   };
 }
-
-/** Report core install state and the honest capability matrix. */
-export function totpStatus() {
-  const result = {
-    core_installed: coreInstalled(),
-    install_dir: INSTALL_DIR,
-    runtime_base: RUNTIME_BASE,
-    user: null,
-    integrations: [],
-    ...detectCapability(),
-  };
-  try {
-    result.user = invokingUser();
-  } catch (exc) {
-    result.user_error = exc instanceof Error ? exc.message : String(exc);
-  }
-
-  if (!isDir(INSTALL_DIR)) {
-    return result;
-  }
-
-  let entries;
-  try {
-    entries = readdirSync(INSTALL_DIR).filter(f => f.endsWith('-config')).sort();
-  } catch {
-    entries = [];
-  }
-  for (const fname of entries) {
-    const name = fname.slice(0, -'-config'.length);
-    if (!INTEGRATION_NAME_RE.test(name)) {
-      continue;
-    }
-    try {
-      result.integrations.push(totpCheckSession(name));
-    } catch (exc) {
-      // never let one integration break status
-      result.integrations.push({
-        integration: name,
-        open: false,
-        error: exc instanceof Error ? exc.message : String(exc),
-      });
-    }
-  }
-  return result;
-}