@corbat-tech/coco 2.25.3 → 2.25.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/index.js +42 -4
- package/dist/cli/index.js.map +1 -1
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/cli/index.js
CHANGED
|
@@ -21295,12 +21295,29 @@ var init_http = __esm({
|
|
|
21295
21295
|
});
|
|
21296
21296
|
let response = await doFetch();
|
|
21297
21297
|
if (response.status !== 401 || !this.shouldAttemptOAuth()) {
|
|
21298
|
+
if (this.shouldAttemptOAuth() && !this.oauthToken && response.headers.get("www-authenticate")) {
|
|
21299
|
+
await this.ensureOAuthToken(response.headers.get("www-authenticate"));
|
|
21300
|
+
response = await doFetch();
|
|
21301
|
+
}
|
|
21298
21302
|
return response;
|
|
21299
21303
|
}
|
|
21300
21304
|
await this.ensureOAuthToken(response.headers.get("www-authenticate"));
|
|
21301
21305
|
response = await doFetch();
|
|
21302
21306
|
return response;
|
|
21303
21307
|
}
|
|
21308
|
+
looksLikeAuthErrorMessage(message) {
|
|
21309
|
+
if (!message) return false;
|
|
21310
|
+
const msg = message.toLowerCase();
|
|
21311
|
+
const hasStrongAuthSignal = msg.includes("unauthorized") || msg.includes("unauthorised") || msg.includes("authentication") || msg.includes("oauth") || msg.includes("access token") || msg.includes("bearer") || msg.includes("not authenticated") || msg.includes("not logged") || msg.includes("login") || msg.includes("generate") && msg.includes("token");
|
|
21312
|
+
const hasVendorHint = msg.includes("gemini cli") || msg.includes("jira") || msg.includes("confluence") || msg.includes("atlassian");
|
|
21313
|
+
const hasWeakAuthSignal = msg.includes("authenticate") || msg.includes("token") || msg.includes("authorization");
|
|
21314
|
+
return hasStrongAuthSignal || // Vendor-specific hints alone are not enough; require an auth-related token too.
|
|
21315
|
+
hasVendorHint && hasWeakAuthSignal;
|
|
21316
|
+
}
|
|
21317
|
+
isJsonRpcAuthError(payload) {
|
|
21318
|
+
if (!payload.error) return false;
|
|
21319
|
+
return this.looksLikeAuthErrorMessage(payload.error.message);
|
|
21320
|
+
}
|
|
21304
21321
|
/**
|
|
21305
21322
|
* Connect to the HTTP transport
|
|
21306
21323
|
*/
|
|
@@ -21364,6 +21381,22 @@ var init_http = __esm({
|
|
|
21364
21381
|
throw new MCPTransportError(`HTTP error ${response.status}: ${response.statusText}`);
|
|
21365
21382
|
}
|
|
21366
21383
|
const data = await response.json();
|
|
21384
|
+
if (this.shouldAttemptOAuth() && this.isJsonRpcAuthError(data)) {
|
|
21385
|
+
await this.ensureOAuthToken(response.headers.get("www-authenticate"));
|
|
21386
|
+
const retryResponse = await this.sendRequestWithOAuthRetry(
|
|
21387
|
+
"POST",
|
|
21388
|
+
JSON.stringify(message),
|
|
21389
|
+
abortController.signal
|
|
21390
|
+
);
|
|
21391
|
+
if (!retryResponse.ok) {
|
|
21392
|
+
throw new MCPTransportError(
|
|
21393
|
+
`HTTP error ${retryResponse.status}: ${retryResponse.statusText}`
|
|
21394
|
+
);
|
|
21395
|
+
}
|
|
21396
|
+
const retryData = await retryResponse.json();
|
|
21397
|
+
this.messageCallback?.(retryData);
|
|
21398
|
+
return;
|
|
21399
|
+
}
|
|
21367
21400
|
this.messageCallback?.(data);
|
|
21368
21401
|
return;
|
|
21369
21402
|
} catch (error) {
|
|
@@ -38211,9 +38244,6 @@ async function savePermissionPreference(key, value) {
|
|
|
38211
38244
|
}
|
|
38212
38245
|
async function shouldShowPermissionSuggestion() {
|
|
38213
38246
|
const prefs = await loadPermissionPreferences();
|
|
38214
|
-
if (prefs.recommendedAllowlistPrompted) {
|
|
38215
|
-
return false;
|
|
38216
|
-
}
|
|
38217
38247
|
if (prefs.recommendedAllowlistDismissed) {
|
|
38218
38248
|
return false;
|
|
38219
38249
|
}
|
|
@@ -38229,7 +38259,6 @@ async function applyRecommendedPermissions() {
|
|
|
38229
38259
|
await savePermissionPreference("recommendedAllowlistApplied", true);
|
|
38230
38260
|
}
|
|
38231
38261
|
async function showPermissionSuggestion() {
|
|
38232
|
-
await savePermissionPreference("recommendedAllowlistPrompted", true);
|
|
38233
38262
|
console.log();
|
|
38234
38263
|
console.log(chalk.magenta.bold(" \u{1F4CB} Recommended Permissions"));
|
|
38235
38264
|
console.log();
|
|
@@ -38256,6 +38285,7 @@ async function showPermissionSuggestion() {
|
|
|
38256
38285
|
return;
|
|
38257
38286
|
}
|
|
38258
38287
|
if (action === "dismiss") {
|
|
38288
|
+
await savePermissionPreference("recommendedAllowlistPrompted", true);
|
|
38259
38289
|
await savePermissionPreference("recommendedAllowlistDismissed", true);
|
|
38260
38290
|
console.log(chalk.dim(" Won't show again. Use /permissions to apply later."));
|
|
38261
38291
|
return;
|
|
@@ -38271,6 +38301,7 @@ async function showPermissionSuggestion() {
|
|
|
38271
38301
|
}
|
|
38272
38302
|
}
|
|
38273
38303
|
await applyRecommendedPermissions();
|
|
38304
|
+
await savePermissionPreference("recommendedAllowlistPrompted", true);
|
|
38274
38305
|
console.log(chalk.green(" \u2713 Recommended permissions applied"));
|
|
38275
38306
|
console.log(chalk.dim(" Use /permissions to review or modify anytime."));
|
|
38276
38307
|
}
|
|
@@ -52830,6 +52861,13 @@ async function startRepl(options = {}) {
|
|
|
52830
52861
|
if (activeCount > 0) {
|
|
52831
52862
|
logger2.info(`[MCP] ${activeCount} MCP server(s) active`);
|
|
52832
52863
|
}
|
|
52864
|
+
const failedServers = enabledServers.map((s) => s.name).filter((name) => !connections.has(name));
|
|
52865
|
+
if (failedServers.length > 0) {
|
|
52866
|
+
p26.log.warn(
|
|
52867
|
+
`MCP startup check: ${failedServers.length} server(s) failed to connect: ${failedServers.join(", ")}`
|
|
52868
|
+
);
|
|
52869
|
+
p26.log.message(chalk.dim("Run /mcp health <name> to inspect details."));
|
|
52870
|
+
}
|
|
52833
52871
|
}
|
|
52834
52872
|
} catch (mcpError) {
|
|
52835
52873
|
logger2.warn(
|