@askmesh/mcp 0.11.2 → 0.12.1

package/dist/agent/auto_responder.d.ts

@@ -11,9 +11,22 @@ export declare class AutoResponder {
         agentType: string;
         allowedScopes: string[];
     }): void;
+    /**
+     * Filter scopes by the requester's role.
+     *
+     * Scopes can be encoded with a minimum-role prefix:
+     *   "code"            → all members
+     *   "lead:db-schema"  → lead, admin, owner only
+     *   "admin:db-data"   → admin, owner only
+     *   "owner:secrets"   → owner only
+     *
+     * Returns the bare scope names that this requester is allowed to use.
+     */
+    private filterScopesByRole;
     /**
      * Build a scope-aware extension to the system prompt.
      * Only applies for server agents — dev/ci agents are unrestricted.
+     * `requesterRole` is used to filter role-tiered scopes per request.
      */
     private scopePrompt;
     /**

package/dist/agent/auto_responder.js

@@ -32,23 +32,62 @@ export class AutoResponder {
     setProfile(profile) {
         this.profile = profile;
     }
+    /**
+     * Filter scopes by the requester's role.
+     *
+     * Scopes can be encoded with a minimum-role prefix:
+     *   "code"            → all members
+     *   "lead:db-schema"  → lead, admin, owner only
+     *   "admin:db-data"   → admin, owner only
+     *   "owner:secrets"   → owner only
+     *
+     * Returns the bare scope names that this requester is allowed to use.
+     */
+    filterScopesByRole(rawScopes, requesterRole) {
+        const ROLE_RANK = { member: 1, lead: 2, admin: 3, owner: 4 };
+        const requesterRank = requesterRole ? (ROLE_RANK[requesterRole] || 0) : 0;
+        const result = [];
+        for (const raw of rawScopes) {
+            const idx = raw.indexOf(':');
+            if (idx === -1) {
+                // No prefix → available to everyone
+                result.push(raw);
+                continue;
+            }
+            const minRole = raw.slice(0, idx);
+            const scope = raw.slice(idx + 1);
+            const minRank = ROLE_RANK[minRole];
+            if (!minRank) {
+                // Unknown prefix → treat as plain scope (e.g. "http:something")
+                result.push(raw);
+                continue;
+            }
+            if (requesterRank >= minRank) {
+                result.push(scope);
+            }
+        }
+        return result;
+    }
     /**
      * Build a scope-aware extension to the system prompt.
      * Only applies for server agents — dev/ci agents are unrestricted.
+     * `requesterRole` is used to filter role-tiered scopes per request.
      */
-    scopePrompt() {
+    scopePrompt(requesterRole = null) {
         if (!this.profile || this.profile.agentType !== 'server')
             return '';
-        const scopes = this.profile.allowedScopes;
-        if (!scopes || scopes.length === 0) {
+        const allScopes = this.profile.allowedScopes || [];
+        const scopes = this.filterScopesByRole(allScopes, requesterRole);
+        const roleHint = requesterRole ? ` (requester role: ${requesterRole})` : ' (requester role: unknown)';
+        if (scopes.length === 0) {
             return [
                 '',
-                'SERVER AGENT — RESTRICTIVE MODE:',
-                'No allowed scopes have been declared. Refuse to share any project content.',
-                'Reply with: "This is a restricted server agent. Please ask the human owner directly."',
+                `SERVER AGENT — RESTRICTIVE MODE${roleHint}:`,
+                'No allowed scopes apply for this requester. Refuse to share any project content.',
+                'Reply with: "This server agent is not authorized to share information at your role level."',
             ].join('\n');
         }
-        const lines = ['', 'SERVER AGENT — ALLOWED SCOPES:'];
+        const lines = ['', `SERVER AGENT — ALLOWED SCOPES${roleHint}:`];
         lines.push('You are a restricted server agent. You may ONLY share information that falls within these scopes:');
         for (const s of scopes) {
             lines.push(`  • ${s}`);
@@ -102,7 +141,7 @@ export class AutoResponder {
         if (this.mcpServer) {
             try {
                 const context = readLocalContext();
-                const scopeRules = this.scopePrompt();
+                const scopeRules = this.scopePrompt(request.fromUserRole || null);
                 const result = (await this.mcpServer.request({
                     method: 'sampling/createMessage',
                     params: {
@@ -181,7 +220,7 @@ export class AutoResponder {
     }
     async callAnthropicAPI(apiKey, request, context) {
         const model = process.env.ANTHROPIC_MODEL || 'claude-sonnet-4-20250514';
-        const fullSystem = SYSTEM_PROMPT + this.scopePrompt();
+        const fullSystem = SYSTEM_PROMPT + this.scopePrompt(request.fromUserRole || null);
         const response = await fetch('https://api.anthropic.com/v1/messages', {
             method: 'POST',
             headers: {

package/dist/client/askmesh_client.d.ts

@@ -29,6 +29,7 @@ export declare class AskMeshClient {
             id: number;
             fromAgentId: number;
             fromUsername: string;
+            fromUserRole?: string | null;
             question: string;
             context: string | null;
             status: string;

package/dist/index.js

@@ -5,18 +5,29 @@ import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js'
 import { AskMeshClient } from './client/askmesh_client.js';
 import { SseListener } from './sse/sse_listener.js';
 import { AutoResponder } from './agent/auto_responder.js';
-import { registerAskMesh, registerSetupOnly } from './tools/askmesh.js';
+import { registerAskMesh, registerSetupOnly, bootstrapSetupSkill } from './tools/askmesh.js';
 import * as statusCache from './statusline/cache.js';
 const TOKEN = process.env.ASKMESH_TOKEN;
 const URL = process.env.ASKMESH_URL || 'https://api.askmesh.dev';
 const server = new McpServer({
     name: 'askmesh',
-    version: '0.11.2',
+    version: '0.12.1',
 });
 if (!TOKEN) {
     // No token — start in setup-only mode
     console.error('[AskMesh] No ASKMESH_TOKEN found. Starting in setup mode.');
     registerSetupOnly(server);
+    // Bootstrap: write the /ask-setup slash command file so the user can
+    // discover it without having to know the natural-language path.
+    const boot = bootstrapSetupSkill();
+    if (boot.created) {
+        console.error(`[AskMesh] ✨ Created ${boot.path}`);
+        console.error('[AskMesh] Restart Claude Code to enable the /ask-setup slash command,');
+        console.error('[AskMesh] or just type "setup askmesh" right now to start the wizard.');
+    }
+    else {
+        console.error('[AskMesh] Tip: type "setup askmesh" to start the configuration wizard.');
+    }
 }
 else {
     // Full mode
@@ -61,7 +72,8 @@ else {
                     await autoResponder.handleRequest({
                         id: req.id,
                         fromAgentId: req.fromAgentId,
-                        fromUsername: `agent#${req.fromAgentId}`,
+                        fromUsername: req.fromUsername || `agent#${req.fromAgentId}`,
+                        fromUserRole: req.fromUserRole || null,
                         question: req.question,
                         context: req.context,
                     });

package/dist/sse/sse_listener.d.ts

@@ -2,6 +2,7 @@ export interface IncomingRequest {
     id: number;
     fromAgentId: number;
     fromUsername: string;
+    fromUserRole?: string | null;
     question: string;
     context: string | null;
 }

package/dist/tools/askmesh.d.ts

@@ -1,4 +1,21 @@
 import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import type { AskMeshClient } from '../client/askmesh_client.js';
 export declare function registerAskMesh(server: McpServer, client: AskMeshClient): void;
+/**
+ * Bootstrap: write the minimum file needed to expose /ask-setup as a slash
+ * command before any setup has run. Called automatically on first MCP start.
+ *
+ * Without this, there's a chicken-and-egg problem: /ask-setup is the skill
+ * that installs all the other skills, including itself. After a fresh install,
+ * the user has no slash command and has to discover the natural-language path
+ * "setup askmesh".
+ *
+ * After this bootstrap, the user only needs to (a) restart Claude Code to
+ * pick up the new slash command, or (b) just type "setup askmesh" in the
+ * current session — both work.
+ */
+export declare function bootstrapSetupSkill(): {
+    created: boolean;
+    path: string;
+};
 export declare function registerSetupOnly(server: McpServer): void;

package/dist/tools/askmesh.js

@@ -256,6 +256,47 @@ Actions disponibles :
         }
     });
 }
+/**
+ * Bootstrap: write the minimum file needed to expose /ask-setup as a slash
+ * command before any setup has run. Called automatically on first MCP start.
+ *
+ * Without this, there's a chicken-and-egg problem: /ask-setup is the skill
+ * that installs all the other skills, including itself. After a fresh install,
+ * the user has no slash command and has to discover the natural-language path
+ * "setup askmesh".
+ *
+ * After this bootstrap, the user only needs to (a) restart Claude Code to
+ * pick up the new slash command, or (b) just type "setup askmesh" in the
+ * current session — both work.
+ */
+export function bootstrapSetupSkill() {
+    const cwd = process.cwd();
+    const commandsDir = join(cwd, '.claude', 'commands');
+    const filePath = join(commandsDir, 'ask-setup.md');
+    if (existsSync(filePath)) {
+        return { created: false, path: filePath };
+    }
+    try {
+        mkdirSync(commandsDir, { recursive: true });
+        const content = `Utilise l'outil MCP askmesh avec l'action "setup" pour installer ou mettre à jour la configuration AskMesh dans ce projet.
+
+Cela va :
+- Créer ou vérifier le .env avec le token AskMesh
+- Installer les slash commands (/ask-inbox, /ask-broadcast, etc.)
+- Configurer la status line
+- Ajouter .env au .gitignore
+- Créer un .askmeshignore template
+
+Si l'utilisateur fournit un token dans les arguments ($ARGUMENTS), passe-le en paramètre "token".
+Sinon, demande-lui d'aller sur https://askmesh.dev > Settings pour récupérer son API token.
+`;
+        writeFileSync(filePath, content);
+        return { created: true, path: filePath };
+    }
+    catch {
+        return { created: false, path: filePath };
+    }
+}
 export function registerSetupOnly(server) {
     server.tool('askmesh', `AskMesh — réseau de communication entre développeurs et agents IA.
 
@@ -282,7 +323,7 @@ Si l'utilisateur n'a pas encore de compte, dirige-le vers https://askmesh.dev po
         return text('Action inconnue.');
     });
 }
-const CURRENT_VERSION = '0.11.2';
+const CURRENT_VERSION = '0.12.1';
 async function checkUpdateAndSetup() {
     const lines = [];
     lines.push(`Version actuelle : ${CURRENT_VERSION}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askmesh/mcp",
-  "version": "0.11.2",
+  "version": "0.12.1",
   "description": "AskMesh MCP server — connect your AI coding agent to your team's mesh network",
   "type": "module",
   "bin": {