@askthew/mcp-plugin 0.4.0 → 0.4.2

package/dist/cli.test.js

@@ -0,0 +1,274 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import { spawnSync } from "node:child_process";
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import { runAuthCommand } from "./cli.js";
+import { configPath, credentialsPath, identityPath, writePrivateJson } from "./lib/paths.js";
+const cliPath = fileURLToPath(new URL("./cli.js", import.meta.url));
+function makeFixture() {
+    const root = fs.mkdtempSync(path.join(os.tmpdir(), "askthew-cli-install-"));
+    const home = path.join(root, "home");
+    const dataDir = path.join(root, "data");
+    const project = path.join(root, "project");
+    fs.mkdirSync(home, { recursive: true });
+    fs.mkdirSync(dataDir, { recursive: true });
+    fs.mkdirSync(project, { recursive: true });
+    fs.writeFileSync(path.join(project, "package.json"), "{}", "utf8");
+    return { root, home, dataDir, project };
+}
+function runCli(input) {
+    return spawnSync(process.execPath, [cliPath, ...input.args], {
+        cwd: input.cwd,
+        encoding: "utf8",
+        env: {
+            ...process.env,
+            HOME: input.home,
+            USERPROFILE: input.home,
+            ASKTHEW_DATA_DIR: input.dataDir,
+            ASKTHEW_EMAIL: "founder@example.com",
+            ASKTHEW_CLI_TOKEN: "",
+            ASKTHEW_CLI_TOKEN_ID: "",
+            ASKTHEW_USER_ID: "",
+            ASKTHEW_INSTALL_TOKEN: "",
+            ASKTHEW_FREE_MODE: "",
+            ...(input.extraEnv ?? {}),
+        },
+    });
+}
+function writeCredentials(dataDir) {
+    fs.writeFileSync(path.join(dataDir, "credentials.json"), `${JSON.stringify({
+        email: "founder@example.com",
+        userId: "user_1",
+        cliToken: "cli_token",
+        cliTokenId: "cli_token_1",
+    }, null, 2)}\n`, { encoding: "utf8", mode: 0o600 });
+}
+async function withCliEnv(dataDir, fn) {
+    const previous = {
+        ASKTHEW_DATA_DIR: process.env.ASKTHEW_DATA_DIR,
+        ASKTHEW_EMAIL: process.env.ASKTHEW_EMAIL,
+        ASKTHEW_CLI_TOKEN: process.env.ASKTHEW_CLI_TOKEN,
+        ASKTHEW_CLI_TOKEN_ID: process.env.ASKTHEW_CLI_TOKEN_ID,
+        ASKTHEW_USER_ID: process.env.ASKTHEW_USER_ID,
+        ASKTHEW_INSTALL_TOKEN: process.env.ASKTHEW_INSTALL_TOKEN,
+        ASKTHEW_FREE_MODE: process.env.ASKTHEW_FREE_MODE,
+    };
+    process.env.ASKTHEW_DATA_DIR = dataDir;
+    process.env.ASKTHEW_EMAIL = "founder@example.com";
+    delete process.env.ASKTHEW_CLI_TOKEN;
+    delete process.env.ASKTHEW_CLI_TOKEN_ID;
+    delete process.env.ASKTHEW_USER_ID;
+    delete process.env.ASKTHEW_INSTALL_TOKEN;
+    delete process.env.ASKTHEW_FREE_MODE;
+    try {
+        return await fn();
+    }
+    finally {
+        for (const [key, value] of Object.entries(previous)) {
+            if (value === undefined) {
+                delete process.env[key];
+            }
+            else {
+                process.env[key] = value;
+            }
+        }
+    }
+}
+test("free install without prior auth writes config, instructions, and local identity", () => {
+    const fixture = makeFixture();
+    try {
+        const result = runCli({
+            args: ["install", "--host", "claude_code", "--free", "--email", "founder@example.com", "--api-url", "http://127.0.0.1:9"],
+            cwd: fixture.project,
+            home: fixture.home,
+            dataDir: fixture.dataDir,
+        });
+        assert.equal(result.status, 0, result.stderr);
+        assert.match(result.stdout, /Free local mode installed/);
+        assert.match(result.stdout, /Free install identity saved locally|Free install identity registered/);
+        assert.equal(fs.existsSync(path.join(fixture.home, ".claude.json")), true);
+        assert.match(fs.readFileSync(path.join(fixture.project, "CLAUDE.md"), "utf8"), /capture_session_signal/);
+        const identity = JSON.parse(fs.readFileSync(path.join(fixture.dataDir, "identity.json"), "utf8"));
+        assert.match(identity.installId, /^[0-9a-f-]{36}$/);
+        assert.equal(identity.emailClaim, "founder@example.com");
+        assert.equal(typeof identity.privateKey, "string");
+        assert.equal(typeof identity.publicKey, "string");
+    }
+    finally {
+        fs.rmSync(fixture.root, { recursive: true, force: true });
+    }
+});
+test("free install dry-run stays non-mutating and does not create identity", () => {
+    const fixture = makeFixture();
+    try {
+        const result = runCli({
+            args: ["install", "--host", "codex", "--free", "--email", "founder@example.com", "--dry-run"],
+            cwd: fixture.project,
+            home: fixture.home,
+            dataDir: fixture.dataDir,
+        });
+        assert.equal(result.status, 0, result.stderr);
+        assert.equal(fs.existsSync(path.join(fixture.home, ".codex", "config.toml")), false);
+        assert.equal(fs.existsSync(path.join(fixture.project, "CLAUDE.md")), false);
+        assert.equal(fs.existsSync(path.join(fixture.project, "AGENTS.md")), false);
+        assert.equal(fs.existsSync(path.join(fixture.dataDir, "identity.json")), false);
+    }
+    finally {
+        fs.rmSync(fixture.root, { recursive: true, force: true });
+    }
+});
+test("free install with auth writes host config and agent instructions", () => {
+    const fixture = makeFixture();
+    try {
+        writeCredentials(fixture.dataDir);
+        const result = runCli({
+            args: ["install", "--host", "claude_code", "--free", "--api-url", "http://127.0.0.1:9"],
+            cwd: fixture.project,
+            home: fixture.home,
+            dataDir: fixture.dataDir,
+        });
+        assert.equal(result.status, 0, result.stderr);
+        assert.match(result.stdout, /Free local mode installed/);
+        const settings = JSON.parse(fs.readFileSync(path.join(fixture.home, ".claude.json"), "utf8"));
+        const projectEntries = Object.values(settings.projects);
+        assert.equal(projectEntries.length, 1);
+        const server = projectEntries[0].mcpServers.askthew;
+        assert.equal(server.env.ASKTHEW_FREE_MODE, "1");
+        assert.equal("ASKTHEW_CLI_TOKEN" in server.env, false);
+        assert.equal("ASKTHEW_INSTALL_TOKEN" in server.env, false);
+        assert.match(fs.readFileSync(path.join(fixture.project, "CLAUDE.md"), "utf8"), /capture_session_signal/);
+    }
+    finally {
+        fs.rmSync(fixture.root, { recursive: true, force: true });
+    }
+});
+test("auth status reports a pending verification code", () => {
+    const fixture = makeFixture();
+    try {
+        fs.writeFileSync(path.join(fixture.dataDir, "config.json"), `${JSON.stringify({
+            pendingAuth: {
+                email: "founder@example.com",
+                requestId: "request_1",
+                expiresAt: new Date(Date.now() + 60_000).toISOString(),
+            },
+        }, null, 2)}\n`, { encoding: "utf8", mode: 0o600 });
+        const result = runCli({
+            args: ["auth", "status"],
+            cwd: fixture.project,
+            home: fixture.home,
+            dataDir: fixture.dataDir,
+        });
+        assert.equal(result.status, 0, result.stderr);
+        assert.match(result.stdout, /Pending code for founder@example\.com/);
+        assert.match(result.stdout, /askthew-mcp auth verify --code/);
+    }
+    finally {
+        fs.rmSync(fixture.root, { recursive: true, force: true });
+    }
+});
+test("auth code commands require pending state and do not issue a new code", () => {
+    const fixture = makeFixture();
+    try {
+        for (const args of [
+            ["auth", "verify", "--code", "123456"],
+            ["auth", "login", "--email", "founder@example.com", "--code", "123456"],
+        ]) {
+            const result = runCli({
+                args,
+                cwd: fixture.project,
+                home: fixture.home,
+                dataDir: fixture.dataDir,
+                extraEnv: { ASKTHEW_API_URL: "http://127.0.0.1:9" },
+            });
+            assert.equal(result.status, 1);
+            assert.match(result.stderr, /No pending Ask The W login request/);
+            assert.doesNotMatch(result.stdout, /Code sent/);
+        }
+    }
+    finally {
+        fs.rmSync(fixture.root, { recursive: true, force: true });
+    }
+});
+test("auth login now identifies the local free install without requesting an email code", async () => {
+    const fixture = makeFixture();
+    const calls = [];
+    const logs = [];
+    try {
+        await withCliEnv(fixture.dataDir, async () => {
+            await runAuthCommand(["login", "--email", "ymtest89+test5@gmail.com"], {
+                log: (message) => logs.push(message),
+                requestMagicLinkCode: async () => {
+                    calls.push({ type: "unexpected_request" });
+                    throw new Error("auth login must not request a new code.");
+                },
+                verifyMagicLinkCode: async () => {
+                    calls.push({ type: "unexpected_verify" });
+                    throw new Error("auth login must not verify a code.");
+                },
+                registerFreeInstall: async ({ identity }) => {
+                    calls.push({ type: "register", installId: identity.installId, emailClaim: identity.emailClaim });
+                    return { ok: true, registeredAt: new Date().toISOString() };
+                },
+            });
+        });
+        assert.equal(calls.length, 1);
+        assert.equal(calls[0].type, "register");
+        assert.equal(calls[0].emailClaim, "ymtest89+test5@gmail.com");
+        assert.equal(fs.existsSync(identityPath({ ASKTHEW_DATA_DIR: fixture.dataDir })), true);
+        assert.equal(fs.existsSync(credentialsPath({ ASKTHEW_DATA_DIR: fixture.dataDir })), false);
+        assert.match(logs.join("\n"), /No email code is required/);
+    }
+    finally {
+        fs.rmSync(fixture.root, { recursive: true, force: true });
+    }
+});
+test("backwards-compatible auth login --code verifies pending state without requesting a new code", async () => {
+    const fixture = makeFixture();
+    const calls = [];
+    const logs = [];
+    try {
+        await withCliEnv(fixture.dataDir, async () => {
+            writePrivateJson(configPath(), {
+                pendingAuth: {
+                    email: "ymtest89+test5@gmail.com",
+                    requestId: "22222222-2222-4222-8222-222222222222",
+                    expiresAt: new Date(Date.now() + 10 * 60_000).toISOString(),
+                },
+            });
+            await runAuthCommand(["login", "--email", "ymtest89+test5@gmail.com", "--code", "150259"], {
+                log: (message) => logs.push(message),
+                requestMagicLinkCode: async () => {
+                    calls.push({ type: "unexpected_request" });
+                    throw new Error("login --code must not request a new code.");
+                },
+                verifyMagicLinkCode: async (input) => {
+                    calls.push({ type: "verify", requestId: input.requestId, code: input.code });
+                    const credentials = {
+                        email: "ymtest89+test5@gmail.com",
+                        userId: "user_2",
+                        cliToken: "cli_token_2",
+                        cliTokenId: "cli_token_2",
+                        accountStatus: "new_dormant",
+                    };
+                    writePrivateJson(credentialsPath(), credentials);
+                    return credentials;
+                },
+            });
+        });
+        assert.deepEqual(calls, [
+            {
+                type: "verify",
+                requestId: "22222222-2222-4222-8222-222222222222",
+                code: "150259",
+            },
+        ]);
+        assert.match(logs.join("\n"), /Using the pending Ask The W login request/);
+        assert.match(logs.join("\n"), /Logged in/);
+    }
+    finally {
+        fs.rmSync(fixture.root, { recursive: true, force: true });
+    }
+});

package/dist/free-tier-policy.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/free-tier-policy.test.js

@@ -0,0 +1,57 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { resolveMcpMode } from "./lib/free-tier-policy.js";
+function withTempDataDir(fn) {
+    const dataDir = fs.mkdtempSync(path.join(os.tmpdir(), "askthew-mode-"));
+    try {
+        return fn({ ASKTHEW_DATA_DIR: dataDir }, dataDir);
+    }
+    finally {
+        fs.rmSync(dataDir, { recursive: true, force: true });
+    }
+}
+test("mode resolution prefers paid install tokens", () => {
+    const mode = resolveMcpMode({
+        ASKTHEW_INSTALL_TOKEN: "atw_token",
+        ASKTHEW_FREE_MODE: "1",
+    });
+    assert.equal(mode.mode, "paid");
+    assert.equal(mode.reason, "workspace_install_token");
+});
+test("mode resolution detects authenticated free credentials", () => {
+    const mode = resolveMcpMode({
+        ASKTHEW_CLI_TOKEN: "cli_token",
+        ASKTHEW_USER_ID: "user_1",
+        ASKTHEW_CLI_TOKEN_ID: "cli_token_1",
+    });
+    assert.equal(mode.mode, "free");
+    assert.equal(mode.reason, "cli_free_tier_credentials");
+    assert.equal(mode.cliCredentials?.userId, "user_1");
+});
+test("mode resolution distinguishes pending free auth from no identity", () => {
+    withTempDataDir((env) => {
+        const pending = resolveMcpMode({
+            ...env,
+            ASKTHEW_FREE_MODE: "1",
+        });
+        const none = resolveMcpMode(env);
+        assert.equal(pending.mode, "free_pending_auth");
+        assert.equal(pending.reason, "free_mode_no_credentials");
+        assert.equal(none.mode, "unauthenticated");
+        assert.equal(none.reason, "no_identity");
+    });
+});
+test("mode resolution marks malformed free credentials as pending auth", () => {
+    withTempDataDir((env, dataDir) => {
+        fs.writeFileSync(path.join(dataDir, "credentials.json"), "{\"not\":\"credentials\"}\n", "utf8");
+        const mode = resolveMcpMode({
+            ...env,
+            ASKTHEW_FREE_MODE: "1",
+        });
+        assert.equal(mode.mode, "free_pending_auth");
+        assert.equal(mode.reason, "invalid_cli_credentials");
+    });
+});

package/dist/index.d.ts

@@ -8,36 +8,56 @@ export declare const codingSessionSignalSchema: z.ZodObject<{
     evidence: z.ZodDefault<z.ZodArray<z.ZodObject<{
         role: z.ZodEnum<["user", "assistant", "system"]>;
         excerpt: z.ZodString;
+        kind: z.ZodOptional<z.ZodEnum<["excerpt", "diff", "prompt_diff"]>>;
+        diff: z.ZodOptional<z.ZodString>;
+        before: z.ZodOptional<z.ZodString>;
+        after: z.ZodOptional<z.ZodString>;
     }, "strip", z.ZodTypeAny, {
         role: "user" | "assistant" | "system";
         excerpt: string;
+        diff?: string | undefined;
+        kind?: "diff" | "excerpt" | "prompt_diff" | undefined;
+        before?: string | undefined;
+        after?: string | undefined;
     }, {
         role: "user" | "assistant" | "system";
         excerpt: string;
+        diff?: string | undefined;
+        kind?: "diff" | "excerpt" | "prompt_diff" | undefined;
+        before?: string | undefined;
+        after?: string | undefined;
     }>, "many">>;
     filesTouched: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
     commandsRun: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
     metadata: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
 }, "strip", z.ZodTypeAny, {
     sessionId: string;
-    sequence: number;
     kind: "setup_complete" | "session_checkpoint" | "direction_change" | "implementation_update" | "verification_result" | "final_summary";
+    sequence: number;
     summary: string;
     evidence: {
         role: "user" | "assistant" | "system";
         excerpt: string;
+        diff?: string | undefined;
+        kind?: "diff" | "excerpt" | "prompt_diff" | undefined;
+        before?: string | undefined;
+        after?: string | undefined;
     }[];
     filesTouched: string[];
     commandsRun: string[];
     metadata: Record<string, unknown>;
 }, {
     sessionId: string;
-    sequence: number;
     kind: "setup_complete" | "session_checkpoint" | "direction_change" | "implementation_update" | "verification_result" | "final_summary";
+    sequence: number;
     summary: string;
     evidence?: {
         role: "user" | "assistant" | "system";
         excerpt: string;
+        diff?: string | undefined;
+        kind?: "diff" | "excerpt" | "prompt_diff" | undefined;
+        before?: string | undefined;
+        after?: string | undefined;
     }[] | undefined;
     filesTouched?: string[] | undefined;
     commandsRun?: string[] | undefined;
@@ -82,31 +102,44 @@ export declare const provenanceSignalSchema: z.ZodObject<{
     installToken?: string | undefined;
 }>;
 export type ProvenanceSignal = z.infer<typeof provenanceSignalSchema>;
+type AskTheWConfig = {
+    redaction?: {
+        enabled?: boolean;
+    };
+    digest?: {
+        footer?: boolean;
+    };
+};
+export declare function loadAskTheWConfig(env?: NodeJS.ProcessEnv): AskTheWConfig;
 export declare function redactProvenanceSignal(input: ProvenanceSignal): {
-    decision: string;
-    rationale: string;
-    framework: string | undefined;
-    filesAffected: string[];
-    originatingPrompt: string | undefined;
-    installToken: string | undefined;
-    metadata: Record<string, unknown>;
     sessionId: string;
+    metadata: Record<string, unknown>;
     source: string;
+    decision: string;
+    rationale: string;
     confidence: number;
+    filesAffected: string[];
+    framework?: string | undefined;
     pendingApproval?: boolean | undefined;
+    originatingPrompt?: string | undefined;
+    installToken?: string | undefined;
 };
 export declare function redactCodingSessionSignal(input: CodingSessionSignal): {
+    sessionId: string;
+    kind: "setup_complete" | "session_checkpoint" | "direction_change" | "implementation_update" | "verification_result" | "final_summary";
+    sequence: number;
     summary: string;
     evidence: {
-        excerpt: string;
         role: "user" | "assistant" | "system";
+        excerpt: string;
+        diff?: string | undefined;
+        kind?: "diff" | "excerpt" | "prompt_diff" | undefined;
+        before?: string | undefined;
+        after?: string | undefined;
     }[];
     filesTouched: string[];
     commandsRun: string[];
     metadata: Record<string, unknown>;
-    sessionId: string;
-    sequence: number;
-    kind: "setup_complete" | "session_checkpoint" | "direction_change" | "implementation_update" | "verification_result" | "final_summary";
 };
 export interface AskTheWMcpServerOptions {
     credentials?: {
@@ -125,3 +158,4 @@ export interface AskTheWMcpServerOptions {
 }
 export declare function normalizeInstallTokenInput(token: string | undefined): string;
 export declare function createAskTheWMcpServer(options?: AskTheWMcpServerOptions): McpServer;
+export {};