@askthew/mcp-plugin 0.4.2 → 0.4.4

package/dist/cli.d.ts

@@ -1,10 +1,7 @@
 #!/usr/bin/env node
-import { requestMagicLinkCode as requestMagicLinkCodeDefault, verifyMagicLinkCode as verifyMagicLinkCodeDefault } from "./lib/auth-magic-link.js";
 import { tryRegisterFreeInstall } from "./lib/free-install-registration.js";
 type AuthCommandDeps = {
     log?: (message: string) => void;
-    requestMagicLinkCode?: typeof requestMagicLinkCodeDefault;
-    verifyMagicLinkCode?: typeof verifyMagicLinkCodeDefault;
     registerFreeInstall?: typeof tryRegisterFreeInstall;
 };
 export declare function runAuthCommand(argv: string[], deps?: AuthCommandDeps): Promise<void>;

package/dist/cli.js

@@ -5,9 +5,7 @@ import path from "node:path";
 import { execFileSync } from "node:child_process";
 import { fileURLToPath } from "node:url";
 import { createAskTheWMcpServer } from "./index.js";
-import { clearPendingAuth, pendingAuth, pendingAuthForEmail } from "./lib/auth-pending.js";
-import { verifyMagicLinkCode as verifyMagicLinkCodeDefault, } from "./lib/auth-magic-link.js";
-import { credentialsPath, ensureAskTheWDataDir } from "./lib/paths.js";
+import { ensureAskTheWDataDir, identityPath } from "./lib/paths.js";
 import { loadCliCredentials } from "./lib/free-tier-policy.js";
 import { describeFreeIdentity, tryRegisterFreeInstall } from "./lib/free-install-registration.js";
 import { ensureLocalIdentity, loadLocalIdentity, publicIdentity } from "./lib/local-identity.js";
@@ -28,13 +26,12 @@ function usage() {
         "  askthew-mcp identify --email <email> [--no-telemetry]",
         "  askthew-mcp identity status",
         "  askthew-mcp auth login --email <email> [--no-telemetry]",
-        "  askthew-mcp auth verify --code <code> [--email <email>]",
         "  askthew-mcp auth logout | status",
         "  askthew-mcp telemetry status | opt-out | opt-in | preview",
         "  askthew-mcp local stats | reset --hard",
         "  askthew-mcp install-hook --pre-commit",
         "  askthew-mcp digest --weekly",
-        "  askthew-mcp sync upload [--dry-run]",
+        "  askthew-mcp sync upload [--token <workspace-install-token>] [--dry-run]",
         "  askthew-mcp print-config --host <claude_code|codex|cursor> --token <install-token> --api-url <url> --server-name <name> [--client-id <id>] [--client-label <label>]",
     ].join("\n");
 }
@@ -340,7 +337,7 @@ async function runUninstallCommand(argv) {
         fs.rmSync(ensureAskTheWDataDir(), { recursive: true, force: true });
     }
     if (!keepAuth && !dryRun) {
-        const file = credentialsPath();
+        const file = identityPath();
         if (fs.existsSync(file))
             fs.rmSync(file, { force: true });
     }
@@ -362,55 +359,27 @@ function argValue(argv, name) {
 }
 export async function runAuthCommand(argv, deps = {}) {
     const log = deps.log ?? console.log;
-    const verifyCode = deps.verifyMagicLinkCode ?? verifyMagicLinkCodeDefault;
     const registerInstall = deps.registerFreeInstall ?? tryRegisterFreeInstall;
     const [subcommand] = argv;
     if (subcommand === "status") {
         const identity = loadLocalIdentity();
-        const credentials = loadCliCredentials();
         log(identity
             ? `Identified local free install ${identity.installId}${identity.emailClaim ? ` with email claim ${identity.emailClaim}` : ""}. Email claim is unverified until upgrade.`
-            : credentials
-                ? `Logged in as ${credentials.email ?? credentials.userId}. Telemetry: ${credentials.telemetryOptOut ? "off" : "on"}`
-                : pendingAuth()
-                    ? `Not logged in. Pending code for ${pendingAuth()?.email}. Run \`askthew-mcp auth verify --code <6-digit-code>\`.`
-                    : `No local identity yet. Run \`askthew-mcp identify --email <your-email>\`, or install with \`--free --email <your-email>\`.`);
+            : `No local identity yet. Run \`askthew-mcp identify --email <your-email>\`, or install with \`--free --email <your-email>\`.`);
         return;
     }
     if (subcommand === "logout") {
-        const file = credentialsPath();
+        const file = identityPath();
         if (fs.existsSync(file))
             fs.rmSync(file);
-        log("Logged out of Ask The W local free tier.");
+        log("Removed Ask The W local free install identity.");
         return;
     }
-    if (subcommand !== "login" && subcommand !== "verify") {
-        throw new Error("Usage: askthew-mcp auth login --email <email> [--no-telemetry] | askthew-mcp auth verify --code <code> [--email <email>]");
+    if (subcommand !== "login") {
+        throw new Error("Usage: askthew-mcp auth login --email <email> [--no-telemetry] | askthew-mcp auth logout | status");
     }
     ensureAskTheWDataDir();
     const email = argValue(argv, "--email")?.trim();
-    const code = argValue(argv, "--code")?.trim();
-    if (subcommand === "verify" || code) {
-        if (!code)
-            throw new Error("Missing --code.");
-        const pending = email ? pendingAuthForEmail(email) : pendingAuth();
-        if (!pending) {
-            throw new Error(email
-                ? `No pending Ask The W login request for ${email}. Run \`askthew-mcp auth login --email ${email}\` first.`
-                : "No pending Ask The W login request. Run `askthew-mcp auth login --email <email>` first.");
-        }
-        if (subcommand === "login") {
-            log("Using the pending Ask The W login request. Next time, run `askthew-mcp auth verify --code <6-digit-code>`.");
-        }
-        const credentials = await verifyCode({
-            requestId: pending.requestId,
-            code,
-            telemetryOptOut: pending.telemetryOptOut,
-        });
-        clearPendingAuth();
-        log(`Logged in. Account status: ${credentials.accountStatus}. Credentials stored with mode 0600.`);
-        return;
-    }
     if (!email)
         throw new Error("Missing --email.");
     const noTelemetry = argv.includes("--no-telemetry");
@@ -464,15 +433,8 @@ async function runTelemetryCommand(argv) {
         return;
     }
     if (subcommand === "opt-out" || subcommand === "opt-in") {
-        if (credentials.identityKind === "local_install" && credentials.localIdentity) {
-            ensureLocalIdentity({ telemetryOptOut: subcommand === "opt-out" });
-            console.log(`Telemetry: ${subcommand === "opt-out" ? "off" : "on"}`);
-            return;
-        }
-        const next = { ...credentials, telemetryOptOut: subcommand === "opt-out" };
-        fs.writeFileSync(credentialsPath(), `${JSON.stringify(next, null, 2)}\n`, { encoding: "utf8", mode: 0o600 });
-        fs.chmodSync(credentialsPath(), 0o600);
-        console.log(`Telemetry: ${next.telemetryOptOut ? "off" : "on"}`);
+        ensureLocalIdentity({ telemetryOptOut: subcommand === "opt-out" });
+        console.log(`Telemetry: ${subcommand === "opt-out" ? "off" : "on"}`);
         return;
     }
     if (subcommand === "preview") {
@@ -525,7 +487,7 @@ async function runDigestCommand(argv) {
 }
 async function runSyncCommand(argv) {
     if (argv[0] !== "upload")
-        throw new Error("Usage: askthew-mcp sync upload [--dry-run]");
+        throw new Error("Usage: askthew-mcp sync upload [--token <workspace-install-token>] [--dry-run]");
     const credentials = loadCliCredentials();
     if (!credentials)
         throw new Error("No local identity. Run `askthew-mcp identify --email <your-email>` first.");
@@ -534,7 +496,11 @@ async function runSyncCommand(argv) {
         console.log(JSON.stringify(syncDryRun(store), null, 2));
         return;
     }
-    console.log(JSON.stringify(await uploadLocalStore({ store, credentials }), null, 2));
+    const syncToken = argValue(argv, "--token")?.trim() || process.env.ASKTHEW_INSTALL_TOKEN?.trim();
+    if (!syncToken) {
+        throw new Error("Missing workspace install token. Pass `--token <workspace-install-token>` after upgrading.");
+    }
+    console.log(JSON.stringify(await uploadLocalStore({ store, credentials, syncToken }), null, 2));
 }
 const isDirectCliExecution = Boolean(process.argv[1]) && path.resolve(process.argv[1]) === fileURLToPath(import.meta.url);
 if (isDirectCliExecution) {

package/dist/cli.test.js

@@ -6,7 +6,7 @@ import os from "node:os";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
 import { runAuthCommand } from "./cli.js";
-import { configPath, credentialsPath, identityPath, writePrivateJson } from "./lib/paths.js";
+import { identityPath } from "./lib/paths.js";
 const cliPath = fileURLToPath(new URL("./cli.js", import.meta.url));
 function makeFixture() {
     const root = fs.mkdtempSync(path.join(os.tmpdir(), "askthew-cli-install-"));
@@ -38,14 +38,6 @@ function runCli(input) {
         },
     });
 }
-function writeCredentials(dataDir) {
-    fs.writeFileSync(path.join(dataDir, "credentials.json"), `${JSON.stringify({
-        email: "founder@example.com",
-        userId: "user_1",
-        cliToken: "cli_token",
-        cliTokenId: "cli_token_1",
-    }, null, 2)}\n`, { encoding: "utf8", mode: 0o600 });
-}
 async function withCliEnv(dataDir, fn) {
     const previous = {
         ASKTHEW_DATA_DIR: process.env.ASKTHEW_DATA_DIR,
@@ -120,10 +112,10 @@ test("free install dry-run stays non-mutating and does not create identity", ()
         fs.rmSync(fixture.root, { recursive: true, force: true });
     }
 });
-test("free install with auth writes host config and agent instructions", () => {
+test("free install ignores stale legacy credentials and writes local identity", () => {
     const fixture = makeFixture();
     try {
-        writeCredentials(fixture.dataDir);
+        fs.writeFileSync(path.join(fixture.dataDir, "credentials.json"), "{\"legacy\":true}\n", "utf8");
         const result = runCli({
             args: ["install", "--host", "claude_code", "--free", "--api-url", "http://127.0.0.1:9"],
             cwd: fixture.project,
@@ -140,21 +132,15 @@ test("free install with auth writes host config and agent instructions", () => {
         assert.equal("ASKTHEW_CLI_TOKEN" in server.env, false);
         assert.equal("ASKTHEW_INSTALL_TOKEN" in server.env, false);
         assert.match(fs.readFileSync(path.join(fixture.project, "CLAUDE.md"), "utf8"), /capture_session_signal/);
+        assert.equal(fs.existsSync(path.join(fixture.dataDir, "identity.json")), true);
     }
     finally {
         fs.rmSync(fixture.root, { recursive: true, force: true });
     }
 });
-test("auth status reports a pending verification code", () => {
+test("auth status reports missing local identity without pending-code guidance", () => {
     const fixture = makeFixture();
     try {
-        fs.writeFileSync(path.join(fixture.dataDir, "config.json"), `${JSON.stringify({
-            pendingAuth: {
-                email: "founder@example.com",
-                requestId: "request_1",
-                expiresAt: new Date(Date.now() + 60_000).toISOString(),
-            },
-        }, null, 2)}\n`, { encoding: "utf8", mode: 0o600 });
         const result = runCli({
             args: ["auth", "status"],
             cwd: fixture.project,
@@ -162,31 +148,35 @@ test("auth status reports a pending verification code", () => {
             dataDir: fixture.dataDir,
         });
         assert.equal(result.status, 0, result.stderr);
-        assert.match(result.stdout, /Pending code for founder@example\.com/);
-        assert.match(result.stdout, /askthew-mcp auth verify --code/);
+        assert.match(result.stdout, /No local identity yet/);
+        assert.doesNotMatch(result.stdout, /verify --code|Pending code/);
     }
     finally {
         fs.rmSync(fixture.root, { recursive: true, force: true });
     }
 });
-test("auth code commands require pending state and do not issue a new code", () => {
+test("removed auth code commands do not issue or verify email codes", () => {
     const fixture = makeFixture();
     try {
-        for (const args of [
-            ["auth", "verify", "--code", "123456"],
-            ["auth", "login", "--email", "founder@example.com", "--code", "123456"],
-        ]) {
-            const result = runCli({
-                args,
-                cwd: fixture.project,
-                home: fixture.home,
-                dataDir: fixture.dataDir,
-                extraEnv: { ASKTHEW_API_URL: "http://127.0.0.1:9" },
-            });
-            assert.equal(result.status, 1);
-            assert.match(result.stderr, /No pending Ask The W login request/);
-            assert.doesNotMatch(result.stdout, /Code sent/);
-        }
+        const verify = runCli({
+            args: ["auth", "verify", "--code", "123456"],
+            cwd: fixture.project,
+            home: fixture.home,
+            dataDir: fixture.dataDir,
+            extraEnv: { ASKTHEW_API_URL: "http://127.0.0.1:9" },
+        });
+        assert.equal(verify.status, 1);
+        assert.match(verify.stderr, /Usage: askthew-mcp auth login/);
+        const loginWithCode = runCli({
+            args: ["auth", "login", "--email", "founder@example.com", "--code", "123456"],
+            cwd: fixture.project,
+            home: fixture.home,
+            dataDir: fixture.dataDir,
+            extraEnv: { ASKTHEW_API_URL: "http://127.0.0.1:9" },
+        });
+        assert.equal(loginWithCode.status, 0, loginWithCode.stderr);
+        assert.match(loginWithCode.stdout, /No email code is required/);
+        assert.doesNotMatch(loginWithCode.stdout, /Code sent|Logged in/);
     }
     finally {
         fs.rmSync(fixture.root, { recursive: true, force: true });
@@ -200,14 +190,6 @@ test("auth login now identifies the local free install without requesting an ema
         await withCliEnv(fixture.dataDir, async () => {
             await runAuthCommand(["login", "--email", "ymtest89+test5@gmail.com"], {
                 log: (message) => logs.push(message),
-                requestMagicLinkCode: async () => {
-                    calls.push({ type: "unexpected_request" });
-                    throw new Error("auth login must not request a new code.");
-                },
-                verifyMagicLinkCode: async () => {
-                    calls.push({ type: "unexpected_verify" });
-                    throw new Error("auth login must not verify a code.");
-                },
                 registerFreeInstall: async ({ identity }) => {
                     calls.push({ type: "register", installId: identity.installId, emailClaim: identity.emailClaim });
                     return { ok: true, registeredAt: new Date().toISOString() };
@@ -218,57 +200,10 @@ test("auth login now identifies the local free install without requesting an ema
         assert.equal(calls[0].type, "register");
         assert.equal(calls[0].emailClaim, "ymtest89+test5@gmail.com");
         assert.equal(fs.existsSync(identityPath({ ASKTHEW_DATA_DIR: fixture.dataDir })), true);
-        assert.equal(fs.existsSync(credentialsPath({ ASKTHEW_DATA_DIR: fixture.dataDir })), false);
+        assert.equal(fs.existsSync(path.join(fixture.dataDir, "credentials.json")), false);
         assert.match(logs.join("\n"), /No email code is required/);
     }
     finally {
         fs.rmSync(fixture.root, { recursive: true, force: true });
     }
 });
-test("backwards-compatible auth login --code verifies pending state without requesting a new code", async () => {
-    const fixture = makeFixture();
-    const calls = [];
-    const logs = [];
-    try {
-        await withCliEnv(fixture.dataDir, async () => {
-            writePrivateJson(configPath(), {
-                pendingAuth: {
-                    email: "ymtest89+test5@gmail.com",
-                    requestId: "22222222-2222-4222-8222-222222222222",
-                    expiresAt: new Date(Date.now() + 10 * 60_000).toISOString(),
-                },
-            });
-            await runAuthCommand(["login", "--email", "ymtest89+test5@gmail.com", "--code", "150259"], {
-                log: (message) => logs.push(message),
-                requestMagicLinkCode: async () => {
-                    calls.push({ type: "unexpected_request" });
-                    throw new Error("login --code must not request a new code.");
-                },
-                verifyMagicLinkCode: async (input) => {
-                    calls.push({ type: "verify", requestId: input.requestId, code: input.code });
-                    const credentials = {
-                        email: "ymtest89+test5@gmail.com",
-                        userId: "user_2",
-                        cliToken: "cli_token_2",
-                        cliTokenId: "cli_token_2",
-                        accountStatus: "new_dormant",
-                    };
-                    writePrivateJson(credentialsPath(), credentials);
-                    return credentials;
-                },
-            });
-        });
-        assert.deepEqual(calls, [
-            {
-                type: "verify",
-                requestId: "22222222-2222-4222-8222-222222222222",
-                code: "150259",
-            },
-        ]);
-        assert.match(logs.join("\n"), /Using the pending Ask The W login request/);
-        assert.match(logs.join("\n"), /Logged in/);
-    }
-    finally {
-        fs.rmSync(fixture.root, { recursive: true, force: true });
-    }
-});

package/dist/free-tier-policy.test.js

@@ -4,6 +4,7 @@ import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import { resolveMcpMode } from "./lib/free-tier-policy.js";
+import { ensureLocalIdentity } from "./lib/local-identity.js";
 function withTempDataDir(fn) {
     const dataDir = fs.mkdtempSync(path.join(os.tmpdir(), "askthew-mode-"));
     try {
@@ -21,15 +22,15 @@ test("mode resolution prefers paid install tokens", () => {
     assert.equal(mode.mode, "paid");
     assert.equal(mode.reason, "workspace_install_token");
 });
-test("mode resolution detects authenticated free credentials", () => {
-    const mode = resolveMcpMode({
-        ASKTHEW_CLI_TOKEN: "cli_token",
-        ASKTHEW_USER_ID: "user_1",
-        ASKTHEW_CLI_TOKEN_ID: "cli_token_1",
+test("mode resolution detects local free install identity", () => {
+    withTempDataDir((env) => {
+        ensureLocalIdentity({ emailClaim: "founder@example.com", env });
+        const mode = resolveMcpMode(env);
+        assert.equal(mode.mode, "free");
+        assert.equal(mode.reason, "local_install_identity");
+        assert.equal(mode.cliCredentials?.userId, mode.cliCredentials?.installId);
+        assert.equal(mode.cliCredentials?.email, "founder@example.com");
     });
-    assert.equal(mode.mode, "free");
-    assert.equal(mode.reason, "cli_free_tier_credentials");
-    assert.equal(mode.cliCredentials?.userId, "user_1");
 });
 test("mode resolution distinguishes pending free auth from no identity", () => {
     withTempDataDir((env) => {
@@ -39,12 +40,12 @@ test("mode resolution distinguishes pending free auth from no identity", () => {
         });
         const none = resolveMcpMode(env);
         assert.equal(pending.mode, "free_pending_auth");
-        assert.equal(pending.reason, "free_mode_no_credentials");
+        assert.equal(pending.reason, "free_mode_no_identity");
         assert.equal(none.mode, "unauthenticated");
         assert.equal(none.reason, "no_identity");
     });
 });
-test("mode resolution marks malformed free credentials as pending auth", () => {
+test("mode resolution ignores legacy credentials files", () => {
     withTempDataDir((env, dataDir) => {
         fs.writeFileSync(path.join(dataDir, "credentials.json"), "{\"not\":\"credentials\"}\n", "utf8");
         const mode = resolveMcpMode({
@@ -52,6 +53,6 @@ test("mode resolution marks malformed free credentials as pending auth", () => {
             ASKTHEW_FREE_MODE: "1",
         });
         assert.equal(mode.mode, "free_pending_auth");
-        assert.equal(mode.reason, "invalid_cli_credentials");
+        assert.equal(mode.reason, "free_mode_no_identity");
     });
 });

package/dist/index.test.js

@@ -5,7 +5,7 @@ import os from "node:os";
 import path from "node:path";
 import { codingSessionSignalSchema, createAskTheWMcpServer, normalizeInstallTokenInput, redactCodingSessionSignal, redactProvenanceSignal, } from "./index.js";
 import { LocalStore } from "./lib/local-store.js";
-import { credentialsPath, writePrivateJson } from "./lib/paths.js";
+import { ensureLocalIdentity } from "./lib/local-identity.js";
 function toolResultJson(result) {
     return JSON.parse(result.content[0].text);
 }
@@ -19,10 +19,11 @@ async function withFreeEnv(fn) {
         ASKTHEW_FREE_MODE: process.env.ASKTHEW_FREE_MODE,
     };
     const dataDir = fs.mkdtempSync(path.join(os.tmpdir(), "askthew-free-tools-"));
-    process.env.ASKTHEW_CLI_TOKEN = "cli_free_token";
-    process.env.ASKTHEW_USER_ID = "local-user";
-    process.env.ASKTHEW_CLI_TOKEN_ID = "cli-token-id";
     process.env.ASKTHEW_DATA_DIR = dataDir;
+    ensureLocalIdentity({ emailClaim: "founder@example.com" });
+    delete process.env.ASKTHEW_CLI_TOKEN;
+    delete process.env.ASKTHEW_USER_ID;
+    delete process.env.ASKTHEW_CLI_TOKEN_ID;
     delete process.env.ASKTHEW_INSTALL_TOKEN;
     delete process.env.ASKTHEW_FREE_MODE;
     try {
@@ -83,16 +84,11 @@ async function withInstalledFreeEnv(fn) {
     const dataDir = fs.mkdtempSync(path.join(os.tmpdir(), "askthew-installed-free-tools-"));
     process.env.ASKTHEW_FREE_MODE = "1";
     process.env.ASKTHEW_DATA_DIR = dataDir;
+    ensureLocalIdentity({ emailClaim: "ymtest89+test5@gmail.com" });
     delete process.env.ASKTHEW_CLI_TOKEN;
     delete process.env.ASKTHEW_USER_ID;
     delete process.env.ASKTHEW_CLI_TOKEN_ID;
     delete process.env.ASKTHEW_INSTALL_TOKEN;
-    writePrivateJson(credentialsPath(), {
-        email: "ymtest89+test5@gmail.com",
-        userId: "local-user",
-        cliToken: "cli_free_token",
-        cliTokenId: "cli-token-id",
-    });
     try {
         return await fn();
     }
@@ -644,7 +640,8 @@ test("authenticated free mode keeps capture, decisions, and review local without
         assert.equal(capture.ok, true);
         assert.match(decision.id, /^d_/);
         assert.equal(review.ok, true);
-        assert.equal(calls.length, 0);
+        assert.equal(calls.length, 1);
+        assert.match(calls[0].url, /\/api\/cli\/v1\/free-installs\/register$/);
         const store = LocalStore.open();
         try {
             const stats = store.stats();
@@ -686,7 +683,8 @@ test("installed free mode with credential file captures locally even if hosted a
         assert.equal(capture.sessionId, "session-installed-free");
         assert.equal("code" in capture, false);
         assert.equal(JSON.stringify(capture).includes("local_only_free_feature"), false);
-        assert.equal(calls.length, 0);
+        assert.equal(calls.length, 1);
+        assert.match(calls[0].url, /\/api\/cli\/v1\/free-installs\/register$/);
         const store = LocalStore.open();
         try {
             const signals = store.listSignals({ sessionId: "session-installed-free", limit: 10 });

package/dist/lib/free-tier-policy.d.ts

@@ -7,8 +7,7 @@ export interface CliCredentials {
     cliTokenId: string;
     apiUrl?: string;
     telemetryOptOut?: boolean;
-    accountStatus?: "new_dormant" | "existing_active";
-    identityKind?: "legacy_token" | "local_install";
+    identityKind: "local_install";
     installId?: string;
     localIdentity?: LocalInstallIdentity;
 }

package/dist/lib/free-tier-policy.js

@@ -1,20 +1,8 @@
-import fs from "node:fs";
-import { credentialsPath, readJsonFile } from "./paths.js";
 import { loadLocalIdentity } from "./local-identity.js";
 function clean(value) {
     return String(value ?? "").trim().replace(/^['"]/, "").replace(/['"]$/, "");
 }
 export function loadCliCredentials(env = process.env) {
-    const explicitToken = clean(env.ASKTHEW_CLI_TOKEN);
-    if (explicitToken) {
-        return {
-            userId: clean(env.ASKTHEW_USER_ID) || "local",
-            cliToken: explicitToken,
-            cliTokenId: clean(env.ASKTHEW_CLI_TOKEN_ID) || "env",
-            apiUrl: clean(env.ASKTHEW_API_URL) || undefined,
-            telemetryOptOut: env.ASKTHEW_TELEMETRY === "off",
-        };
-    }
     const localIdentity = loadLocalIdentity(env);
     if (localIdentity) {
         return {
@@ -29,11 +17,7 @@ export function loadCliCredentials(env = process.env) {
             localIdentity,
         };
     }
-    const creds = readJsonFile(credentialsPath(env));
-    if (!creds?.cliToken || !creds.userId || !creds.cliTokenId) {
-        return null;
-    }
-    return creds;
+    return null;
 }
 export function resolveMcpMode(env = process.env) {
     const installToken = clean(env.ASKTHEW_INSTALL_TOKEN);
@@ -49,13 +33,13 @@ export function resolveMcpMode(env = process.env) {
         return {
             mode: "free",
             cliCredentials: credentials,
-            reason: "cli_free_tier_credentials",
+            reason: "local_install_identity",
         };
     }
     if (clean(env.ASKTHEW_FREE_MODE) === "1" || clean(env.ASKTHEW_FREE_MODE).toLowerCase() === "true") {
         return {
             mode: "free_pending_auth",
-            reason: fs.existsSync(credentialsPath(env)) ? "invalid_cli_credentials" : "free_mode_no_credentials",
+            reason: "free_mode_no_identity",
         };
     }
     return {

package/dist/lib/paths.d.ts

@@ -1,7 +1,6 @@
 export declare function askTheWDataDir(env?: NodeJS.ProcessEnv): string;
 export declare function ensureAskTheWDataDir(env?: NodeJS.ProcessEnv): string;
 export declare function localStorePath(env?: NodeJS.ProcessEnv): string;
-export declare function credentialsPath(env?: NodeJS.ProcessEnv): string;
 export declare function identityPath(env?: NodeJS.ProcessEnv): string;
 export declare function configPath(env?: NodeJS.ProcessEnv): string;
 export declare function jsonFallbackStorePath(env?: NodeJS.ProcessEnv): string;

package/dist/lib/paths.js

@@ -20,9 +20,6 @@ export function ensureAskTheWDataDir(env = process.env) {
 export function localStorePath(env = process.env) {
     return path.join(askTheWDataDir(env), "store.sqlite");
 }
-export function credentialsPath(env = process.env) {
-    return path.join(askTheWDataDir(env), "credentials.json");
-}
 export function identityPath(env = process.env) {
     return path.join(askTheWDataDir(env), "identity.json");
 }

package/dist/lib/telemetry.js

@@ -31,13 +31,11 @@ export function buildTelemetryPayload(input) {
             platform: `${process.platform}-${process.arch}`,
             node: process.version.replace(/^v/, ""),
         },
-        identity: input.credentials.identityKind === "local_install"
-            ? {
-                kind: "local_install",
-                installId: input.credentials.installId,
-                emailClaimed: Boolean(input.credentials.email),
-            }
-            : { kind: "legacy_token" },
+        identity: {
+            kind: "local_install",
+            installId: input.credentials.installId,
+            emailClaimed: Boolean(input.credentials.email),
+        },
     });
 }
 export async function flushTelemetryOutbox(input) {
@@ -46,7 +44,7 @@ export async function flushTelemetryOutbox(input) {
     }
     const fetcher = input.fetchImpl ?? fetch;
     const apiUrl = (input.apiUrl ?? input.credentials.apiUrl ?? process.env.ASKTHEW_API_URL ?? "https://app.askthew.com").replace(/\/$/, "");
-    if (input.credentials.identityKind === "local_install" && input.credentials.localIdentity) {
+    if (input.credentials.localIdentity) {
         await tryRegisterFreeInstall({
             identity: input.credentials.localIdentity,
             deviceLabel: "askthew-mcp",
@@ -56,20 +54,18 @@ export async function flushTelemetryOutbox(input) {
     let sent = 0;
     for (const row of input.store.listTelemetryOutbox({ undeliveredOnly: true, limit: 20 })) {
         const body = JSON.stringify(row.payload);
-        const signed = input.credentials.identityKind === "local_install" && input.credentials.localIdentity
-            ? signLocalIdentityPayload({ identity: input.credentials.localIdentity, body })
-            : null;
+        if (!input.credentials.localIdentity) {
+            input.store.markTelemetryAttempt(row.id, false);
+            continue;
+        }
+        const signed = signLocalIdentityPayload({ identity: input.credentials.localIdentity, body });
         const response = await fetcher(`${apiUrl}/api/cli/v1/telemetry`, {
             method: "POST",
             headers: {
                 "Content-Type": "application/json",
-                ...(signed
-                    ? {
-                        "X-AskTheW-Install-Id": input.credentials.localIdentity.installId,
-                        "X-AskTheW-Timestamp": signed.timestamp,
-                        "X-AskTheW-Signature": signed.signature,
-                    }
-                    : { Authorization: `Bearer ${input.credentials.cliToken}` }),
+                "X-AskTheW-Install-Id": input.credentials.localIdentity.installId,
+                "X-AskTheW-Timestamp": signed.timestamp,
+                "X-AskTheW-Signature": signed.signature,
             },
             body,
         }).catch(() => null);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askthew/mcp-plugin",
-  "version": "0.4.2",
+  "version": "0.4.4",
   "private": false,
   "description": "Ask The W plugin connector for local-first coding-agent decisions, signals, and review.",
   "type": "module",

package/dist/auth-pending.test.d.ts

@@ -1 +0,0 @@
-export {};

package/dist/auth-pending.test.js

@@ -1,56 +0,0 @@
-import test from "node:test";
-import assert from "node:assert/strict";
-import fs from "node:fs";
-import os from "node:os";
-import path from "node:path";
-import { clearPendingAuth, pendingAuth, pendingAuthForEmail, savePendingAuth } from "./lib/auth-pending.js";
-import { configPath } from "./lib/paths.js";
-function withTempEnv(fn) {
-    const dataDir = fs.mkdtempSync(path.join(os.tmpdir(), "askthew-auth-pending-"));
-    try {
-        return fn({ ASKTHEW_DATA_DIR: dataDir });
-    }
-    finally {
-        fs.rmSync(dataDir, { recursive: true, force: true });
-    }
-}
-test("pending auth stores and resolves the request id for the matching email", () => {
-    withTempEnv((env) => {
-        savePendingAuth({
-            email: "Founder@Example.com",
-            requestId: "request_1",
-            expiresAt: new Date(Date.now() + 60_000).toISOString(),
-            telemetryOptOut: true,
-        }, env);
-        const pending = pendingAuthForEmail("founder@example.com", env);
-        assert.equal(pending?.requestId, "request_1");
-        assert.equal(pending?.telemetryOptOut, true);
-        assert.equal(pendingAuth(env)?.email, "Founder@Example.com");
-    });
-});
-test("pending auth ignores other emails and clears expired requests", () => {
-    withTempEnv((env) => {
-        savePendingAuth({
-            email: "founder@example.com",
-            requestId: "request_1",
-            expiresAt: new Date(Date.now() - 1_000).toISOString(),
-        }, env);
-        assert.equal(pendingAuthForEmail("other@example.com", env), null);
-        assert.equal(pendingAuthForEmail("founder@example.com", env), null);
-        const config = JSON.parse(fs.readFileSync(configPath(env), "utf8"));
-        assert.equal("pendingAuth" in config, false);
-    });
-});
-test("pending auth clear keeps the config file private and removes only pending auth", () => {
-    withTempEnv((env) => {
-        savePendingAuth({
-            email: "founder@example.com",
-            requestId: "request_1",
-            expiresAt: new Date(Date.now() + 60_000).toISOString(),
-        }, env);
-        clearPendingAuth(env);
-        const config = JSON.parse(fs.readFileSync(configPath(env), "utf8"));
-        assert.equal("pendingAuth" in config, false);
-        assert.equal((fs.statSync(configPath(env)).mode & 0o777), 0o600);
-    });
-});

package/dist/lib/auth-magic-link.d.ts

@@ -1,22 +0,0 @@
-import type { CliCredentials } from "./free-tier-policy.js";
-export interface MagicLinkClientOptions {
-    apiUrl?: string;
-    fetchImpl?: typeof fetch;
-}
-export declare function requestMagicLinkCode(input: {
-    email: string;
-    deviceLabel?: string;
-    apiUrl?: string;
-    fetchImpl?: typeof fetch;
-}): Promise<{
-    requestId: string;
-    expiresAt: string;
-    devCode?: string;
-}>;
-export declare function verifyMagicLinkCode(input: {
-    requestId: string;
-    code: string;
-    apiUrl?: string;
-    fetchImpl?: typeof fetch;
-    telemetryOptOut?: boolean;
-}): Promise<CliCredentials>;

package/dist/lib/auth-magic-link.js

@@ -1,43 +0,0 @@
-import { credentialsPath, writePrivateJson } from "./paths.js";
-function baseUrl(apiUrl) {
-    return (apiUrl?.trim() || process.env.ASKTHEW_API_URL?.trim() || "https://app.askthew.com").replace(/\/$/, "");
-}
-async function requestJson(route, body, options) {
-    const fetcher = options.fetchImpl ?? fetch;
-    const response = await fetcher(`${baseUrl(options.apiUrl)}${route}`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify(body),
-    });
-    const payload = await response.json().catch(() => null);
-    if (!response.ok) {
-        const message = payload && typeof payload === "object" && "error" in payload
-            ? String(payload.error)
-            : "Ask The W auth request failed.";
-        throw new Error(message);
-    }
-    return payload;
-}
-export async function requestMagicLinkCode(input) {
-    return requestJson("/api/cli/v1/magic-link/request", {
-        email: input.email,
-        deviceLabel: input.deviceLabel,
-    }, input);
-}
-export async function verifyMagicLinkCode(input) {
-    const verified = await requestJson("/api/cli/v1/magic-link/verify", {
-        requestId: input.requestId,
-        code: input.code,
-    }, input);
-    const credentials = {
-        email: verified.email,
-        userId: verified.userId,
-        cliToken: verified.cliToken,
-        cliTokenId: verified.cliTokenId,
-        accountStatus: verified.accountStatus,
-        apiUrl: input.apiUrl,
-        telemetryOptOut: input.telemetryOptOut,
-    };
-    writePrivateJson(credentialsPath(), credentials);
-    return credentials;
-}

package/dist/lib/auth-pending.d.ts

@@ -1,23 +0,0 @@
-type CliConfig = {
-    pendingAuth?: {
-        email: string;
-        requestId: string;
-        expiresAt: string;
-        telemetryOptOut?: boolean;
-    };
-};
-export declare function savePendingAuth(input: NonNullable<CliConfig["pendingAuth"]>, env?: NodeJS.ProcessEnv): void;
-export declare function clearPendingAuth(env?: NodeJS.ProcessEnv): void;
-export declare function pendingAuthForEmail(email: string, env?: NodeJS.ProcessEnv): {
-    email: string;
-    requestId: string;
-    expiresAt: string;
-    telemetryOptOut?: boolean;
-} | null;
-export declare function pendingAuth(env?: NodeJS.ProcessEnv): {
-    email: string;
-    requestId: string;
-    expiresAt: string;
-    telemetryOptOut?: boolean;
-} | null;
-export {};

package/dist/lib/auth-pending.js

@@ -1,36 +0,0 @@
-import { configPath, readJsonFile, writePrivateJson } from "./paths.js";
-function loadCliConfig(env = process.env) {
-    return readJsonFile(configPath(env)) ?? {};
-}
-export function savePendingAuth(input, env = process.env) {
-    const config = loadCliConfig(env);
-    writePrivateJson(configPath(env), {
-        ...config,
-        pendingAuth: input,
-    });
-}
-export function clearPendingAuth(env = process.env) {
-    const config = loadCliConfig(env);
-    if (!config.pendingAuth)
-        return;
-    const { pendingAuth: _pendingAuth, ...next } = config;
-    writePrivateJson(configPath(env), next);
-}
-export function pendingAuthForEmail(email, env = process.env) {
-    const pending = pendingAuth(env);
-    if (!pending || pending.email.toLowerCase() !== email.toLowerCase()) {
-        return null;
-    }
-    return pending;
-}
-export function pendingAuth(env = process.env) {
-    const pending = loadCliConfig(env).pendingAuth;
-    if (!pending) {
-        return null;
-    }
-    if (Number.isFinite(Date.parse(pending.expiresAt)) && Date.parse(pending.expiresAt) <= Date.now()) {
-        clearPendingAuth(env);
-        return null;
-    }
-    return pending;
-}