npm - @cubis/foundry - Versions diffs - 0.3.59 → 0.3.61 - Mend

@cubis/foundry 0.3.59 → 0.3.61

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,27 @@
 All notable changes to this project are documented in this file.
+## [0.3.61] - 2026-03-05
+### Fixed
+- Extended MCP startup reliability fixes across all supported platforms:
+  - project/global Postman MCP runtime targets now prefer static Authorization headers when managed keys are available
+  - Stitch header generation now also supports managed static key injection for runtime startup reliability.
+- Unified default managed credential aliases across install paths:
+  - Postman default env alias is now `POSTMAN_API_KEY_DEFAULT`
+  - Stitch default env alias is now `STITCH_API_KEY_DEFAULT`
+  - aligns non-wizard installs with wizard persistence behavior across platforms.
+## [0.3.60] - 2026-03-05
+### Fixed
+- Fixed `cbx mcp serve` runtime failure from global npm installs by including required MCP runtime dependencies in the main package (`@modelcontextprotocol/sdk`, `zod`).
+- Improved Codex global Postman MCP startup reliability:
+  - after registration, CBX now patches Codex MCP config to use static Authorization headers when a managed Postman key is available
+  - avoids startup failures caused by missing shell-exported `POSTMAN_API_KEY_DEFAULT`.
 ## [0.3.59] - 2026-03-05
 ### Added

package/dist/cli/core.js CHANGED Viewed

@@ -134,7 +134,7 @@ const CODEX_WORKFLOW_SKILL_PREFIX = "workflow-";
 const CODEX_AGENT_SKILL_PREFIX = "agent-";
 const TERMINAL_VERIFIER_PROVIDERS = ["codex", "gemini"];
 const DEFAULT_TERMINAL_VERIFIER = "codex";
-const POSTMAN_API_KEY_ENV_VAR = "POSTMAN_API_KEY";
+const POSTMAN_API_KEY_ENV_VAR = "POSTMAN_API_KEY_DEFAULT";
 const POSTMAN_MODE_TO_URL = Object.freeze({
     minimal: "https://mcp.postman.com/minimal",
     code: "https://mcp.postman.com/code",
@@ -151,7 +151,7 @@ const FOUNDRY_MCP_SERVER_ID = "cubis-foundry";
 const FOUNDRY_MCP_COMMAND = "cbx";
 const STITCH_SKILL_ID = "stitch";
 const STITCH_MCP_SERVER_ID = "StitchMCP";
-const STITCH_API_KEY_ENV_VAR = "STITCH_API_KEY";
+const STITCH_API_KEY_ENV_VAR = "STITCH_API_KEY_DEFAULT";
 const STITCH_MCP_URL = "https://stitch.googleapis.com/mcp";
 const POSTMAN_WORKSPACE_MANUAL_CHOICE = "__postman_workspace_manual__";
 const CBX_CONFIG_FILENAME = "cbx_config.json";
@@ -1028,6 +1028,79 @@ function parseTomlSections(content) {
     }
     return sections;
 }
+function escapeTomlBasicString(value) {
+    return String(value ?? "")
+        .replace(/\\/g, "\\\\")
+        .replace(/"/g, '\\"');
+}
+async function patchCodexPostmanHttpHeaders({ configPath, mcpUrl, bearerToken, dryRun = false, }) {
+    const warnings = [];
+    const normalizedToken = normalizePostmanApiKey(bearerToken);
+    if (!normalizedToken) {
+        return {
+            action: "skipped",
+            warnings: [
+                "Postman API key is unavailable in current environment. Kept bearer_token_env_var wiring in Codex config.",
+            ],
+        };
+    }
+    const configExists = await pathExists(configPath);
+    const original = configExists ? await readFile(configPath, "utf8") : "";
+    const lines = original.split(/\r?\n/);
+    const nextLines = [];
+    const headerLine = `http_headers = { Authorization = "Bearer ${escapeTomlBasicString(normalizedToken)}" }`;
+    const serverHeader = "[mcp_servers.postman]";
+    let inPostmanSection = false;
+    let postmanSectionFound = false;
+    let insertedHeaders = false;
+    const flushPostmanHeaderIfNeeded = () => {
+        if (inPostmanSection && !insertedHeaders) {
+            nextLines.push(headerLine);
+            insertedHeaders = true;
+        }
+    };
+    for (const line of lines) {
+        const sectionMatch = line.match(/^\s*\[([^\]]+)\]\s*$/);
+        if (sectionMatch) {
+            flushPostmanHeaderIfNeeded();
+            const sectionName = sectionMatch[1].trim();
+            inPostmanSection = sectionName === "mcp_servers.postman";
+            if (inPostmanSection) {
+                postmanSectionFound = true;
+                insertedHeaders = false;
+            }
+            nextLines.push(line);
+            continue;
+        }
+        if (inPostmanSection) {
+            if (/^\s*(bearer_token_env_var|http_headers|env_http_headers)\s*=/.test(line)) {
+                continue;
+            }
+        }
+        nextLines.push(line);
+    }
+    flushPostmanHeaderIfNeeded();
+    if (!postmanSectionFound) {
+        if (nextLines.length > 0 && nextLines[nextLines.length - 1].trim() !== "") {
+            nextLines.push("");
+        }
+        nextLines.push(serverHeader);
+        nextLines.push(`url = "${escapeTomlBasicString(mcpUrl || POSTMAN_MCP_URL)}"`);
+        nextLines.push(headerLine);
+    }
+    const next = `${nextLines.join("\n").replace(/\n+$/g, "")}\n`;
+    if (next === original) {
+        return { action: "unchanged", warnings };
+    }
+    if (!dryRun) {
+        await mkdir(path.dirname(configPath), { recursive: true });
+        await writeFile(configPath, next, "utf8");
+    }
+    return {
+        action: dryRun ? "would-patch" : "patched",
+        warnings,
+    };
+}
 function parsePubspecDependencyNames(content) {
     const packages = new Set();
     let currentSection = null;
@@ -3528,24 +3601,32 @@ function resolvePostmanMcpDefinitionPath({ platform, scope, cwd = process.cwd(),
 function resolveStitchMcpDefinitionPath({ scope, cwd = process.cwd() }) {
     return path.join(resolveMcpRootPath({ scope, cwd }), "antigravity", "stitch.json");
 }
-function buildPostmanAuthHeader({ apiKeyEnvVar = POSTMAN_API_KEY_ENV_VAR }) {
+function buildPostmanAuthHeader({ apiKeyEnvVar = POSTMAN_API_KEY_ENV_VAR, apiKey = null, }) {
+    const normalizedApiKey = normalizePostmanApiKey(apiKey);
+    if (normalizedApiKey) {
+        return `Bearer ${normalizedApiKey}`;
+    }
     return `Bearer \${${apiKeyEnvVar}}`;
 }
-function buildStitchApiHeader({ apiKeyEnvVar = STITCH_API_KEY_ENV_VAR }) {
+function buildStitchApiHeader({ apiKeyEnvVar = STITCH_API_KEY_ENV_VAR, apiKey = null, }) {
+    const normalizedApiKey = normalizePostmanApiKey(apiKey);
+    if (normalizedApiKey) {
+        return `X-Goog-Api-Key: ${normalizedApiKey}`;
+    }
     return `X-Goog-Api-Key: \${${apiKeyEnvVar}}`;
 }
-function buildPostmanMcpDefinition({ apiKeyEnvVar = POSTMAN_API_KEY_ENV_VAR, mcpUrl = POSTMAN_MCP_URL, }) {
+function buildPostmanMcpDefinition({ apiKeyEnvVar = POSTMAN_API_KEY_ENV_VAR, apiKey = null, mcpUrl = POSTMAN_MCP_URL, }) {
     return {
         schemaVersion: 1,
         server: POSTMAN_SKILL_ID,
         transport: "http",
         url: mcpUrl,
         headers: {
-            Authorization: buildPostmanAuthHeader({ apiKeyEnvVar }),
+            Authorization: buildPostmanAuthHeader({ apiKeyEnvVar, apiKey }),
         },
     };
 }
-function buildStitchMcpDefinition({ apiKeyEnvVar = STITCH_API_KEY_ENV_VAR, mcpUrl = STITCH_MCP_URL, }) {
+function buildStitchMcpDefinition({ apiKeyEnvVar = STITCH_API_KEY_ENV_VAR, apiKey = null, mcpUrl = STITCH_MCP_URL, }) {
     return {
         schemaVersion: 1,
         server: STITCH_MCP_SERVER_ID,
@@ -3556,17 +3637,17 @@ function buildStitchMcpDefinition({ apiKeyEnvVar = STITCH_API_KEY_ENV_VAR, mcpUr
             "mcp-remote",
             mcpUrl,
             "--header",
-            buildStitchApiHeader({ apiKeyEnvVar }),
+            buildStitchApiHeader({ apiKeyEnvVar, apiKey }),
         ],
         env: {},
     };
 }
-function buildVsCodePostmanServer({ apiKeyEnvVar = POSTMAN_API_KEY_ENV_VAR, mcpUrl = POSTMAN_MCP_URL, }) {
+function buildVsCodePostmanServer({ apiKeyEnvVar = POSTMAN_API_KEY_ENV_VAR, apiKey = null, mcpUrl = POSTMAN_MCP_URL, }) {
     return {
         type: "sse",
         url: mcpUrl,
         headers: {
-            Authorization: buildPostmanAuthHeader({ apiKeyEnvVar }),
+            Authorization: buildPostmanAuthHeader({ apiKeyEnvVar, apiKey }),
         },
     };
 }
@@ -3584,12 +3665,12 @@ function buildVsCodeFoundryServer({ scope = "auto" } = {}) {
         env: {},
     };
 }
-function buildCopilotCliPostmanServer({ apiKeyEnvVar = POSTMAN_API_KEY_ENV_VAR, mcpUrl = POSTMAN_MCP_URL, }) {
+function buildCopilotCliPostmanServer({ apiKeyEnvVar = POSTMAN_API_KEY_ENV_VAR, apiKey = null, mcpUrl = POSTMAN_MCP_URL, }) {
     return {
         type: "http",
         url: mcpUrl,
         headers: {
-            Authorization: buildPostmanAuthHeader({ apiKeyEnvVar }),
+            Authorization: buildPostmanAuthHeader({ apiKeyEnvVar, apiKey }),
         },
         tools: ["*"],
     };
@@ -3603,11 +3684,11 @@ function buildCopilotCliFoundryServer({ scope = "auto" } = {}) {
         tools: ["*"],
     };
 }
-function buildGeminiPostmanServer({ apiKeyEnvVar = POSTMAN_API_KEY_ENV_VAR, mcpUrl = POSTMAN_MCP_URL, }) {
+function buildGeminiPostmanServer({ apiKeyEnvVar = POSTMAN_API_KEY_ENV_VAR, apiKey = null, mcpUrl = POSTMAN_MCP_URL, }) {
     return {
         httpUrl: mcpUrl,
         headers: {
-            Authorization: buildPostmanAuthHeader({ apiKeyEnvVar }),
+            Authorization: buildPostmanAuthHeader({ apiKeyEnvVar, apiKey }),
         },
     };
 }
@@ -3618,7 +3699,7 @@ function buildGeminiFoundryServer({ scope = "auto" } = {}) {
         env: {},
     };
 }
-function buildGeminiStitchServer({ apiKeyEnvVar = STITCH_API_KEY_ENV_VAR, mcpUrl = STITCH_MCP_URL, }) {
+function buildGeminiStitchServer({ apiKeyEnvVar = STITCH_API_KEY_ENV_VAR, apiKey = null, mcpUrl = STITCH_MCP_URL, }) {
     return {
         command: "npx",
         args: [
@@ -3626,7 +3707,7 @@ function buildGeminiStitchServer({ apiKeyEnvVar = STITCH_API_KEY_ENV_VAR, mcpUrl
             "mcp-remote",
             mcpUrl,
             "--header",
-            buildStitchApiHeader({ apiKeyEnvVar }),
+            buildStitchApiHeader({ apiKeyEnvVar, apiKey }),
         ],
         env: {},
     };
@@ -4040,6 +4121,8 @@ async function applyPostmanMcpForPlatform({ platform, mcpScope, apiKeyEnvVar, mc
     const workspaceRoot = findWorkspaceRoot(cwd);
     const warnings = [];
     const foundryScope = mcpScope === "global" ? "global" : "project";
+    const resolvedPostmanApiKey = normalizePostmanApiKey(process.env[apiKeyEnvVar || POSTMAN_API_KEY_ENV_VAR]);
+    const resolvedStitchApiKey = normalizePostmanApiKey(process.env[stitchApiKeyEnvVar || STITCH_API_KEY_ENV_VAR]);
     if (platform === "antigravity") {
         const settingsPath = mcpScope === "global"
             ? path.join(os.homedir(), ".gemini", "settings.json")
@@ -4056,6 +4139,7 @@ async function applyPostmanMcpForPlatform({ platform, mcpScope, apiKeyEnvVar, mc
                 if (includePostmanMcp) {
                     mcpServers[POSTMAN_SKILL_ID] = buildGeminiPostmanServer({
                         apiKeyEnvVar,
+                        apiKey: resolvedPostmanApiKey,
                         mcpUrl,
                     });
                 }
@@ -4070,6 +4154,7 @@ async function applyPostmanMcpForPlatform({ platform, mcpScope, apiKeyEnvVar, mc
                 if (includeStitchMcp) {
                     mcpServers[STITCH_MCP_SERVER_ID] = buildGeminiStitchServer({
                         apiKeyEnvVar: stitchApiKeyEnvVar,
+                        apiKey: resolvedStitchApiKey,
                         mcpUrl: stitchMcpUrl,
                     });
                 }
@@ -4103,6 +4188,7 @@ async function applyPostmanMcpForPlatform({ platform, mcpScope, apiKeyEnvVar, mc
                     if (includePostmanMcp) {
                         mcpServers[POSTMAN_SKILL_ID] = buildCopilotCliPostmanServer({
                             apiKeyEnvVar,
+                            apiKey: resolvedPostmanApiKey,
                             mcpUrl,
                         });
                     }
@@ -4125,6 +4211,7 @@ async function applyPostmanMcpForPlatform({ platform, mcpScope, apiKeyEnvVar, mc
                 if (includePostmanMcp) {
                     servers[POSTMAN_SKILL_ID] = buildVsCodePostmanServer({
                         apiKeyEnvVar,
+                        apiKey: resolvedPostmanApiKey,
                         mcpUrl,
                     });
                 }
@@ -4164,6 +4251,7 @@ async function applyPostmanMcpForPlatform({ platform, mcpScope, apiKeyEnvVar, mc
                     if (includePostmanMcp) {
                         servers[POSTMAN_SKILL_ID] = buildVsCodePostmanServer({
                             apiKeyEnvVar,
+                            apiKey: resolvedPostmanApiKey,
                             mcpUrl,
                         });
                     }
@@ -4223,6 +4311,19 @@ async function applyPostmanMcpForPlatform({ platform, mcpScope, apiKeyEnvVar, mc
                     "--bearer-token-env-var",
                     apiKeyEnvVar || POSTMAN_API_KEY_ENV_VAR,
                 ], { cwd });
+                const postmanToken = normalizePostmanApiKey(process.env[apiKeyEnvVar || POSTMAN_API_KEY_ENV_VAR]);
+                const postmanPatch = await patchCodexPostmanHttpHeaders({
+                    configPath: codexConfigPath,
+                    mcpUrl,
+                    bearerToken: postmanToken,
+                    dryRun: false,
+                });
+                if (postmanPatch.action === "patched") {
+                    warnings.push("Codex Postman MCP config patched to static Authorization header for startup reliability.");
+                }
+                if (postmanPatch.warnings?.length) {
+                    warnings.push(...postmanPatch.warnings);
+                }
             }
             catch (error) {
                 warnings.push(`Failed to register Postman MCP via Codex CLI. Ensure 'codex' is installed and rerun. (${error.message})`);
@@ -4627,6 +4728,7 @@ async function configurePostmanInstallArtifacts({ platform, scope, profilePaths,
         });
         const mcpDefinitionContent = `${JSON.stringify(buildPostmanMcpDefinition({
             apiKeyEnvVar: effectiveApiKeyEnvVar,
+            apiKey: envApiKey,
             mcpUrl: effectiveMcpUrl,
         }), null, 2)}\n`;
         mcpDefinitionResult = await writeGeneratedArtifact({
@@ -4644,6 +4746,7 @@ async function configurePostmanInstallArtifacts({ platform, scope, profilePaths,
         });
         const stitchMcpDefinitionContent = `${JSON.stringify(buildStitchMcpDefinition({
             apiKeyEnvVar: effectiveStitchApiKeyEnvVar,
+            apiKey: envStitchApiKey,
             mcpUrl: effectiveStitchMcpUrl,
         }), null, 2)}\n`;
         stitchMcpDefinitionResult = await writeGeneratedArtifact({
@@ -4758,6 +4861,8 @@ async function applyPostmanConfigArtifacts({ platform, mcpScope, configValue, dr
     const stitchEnabled = Boolean(stitchState);
     const stitchApiKeyEnvVar = normalizePostmanApiKey(stitchState?.apiKeyEnvVar) || STITCH_API_KEY_ENV_VAR;
     const stitchMcpUrl = stitchState?.mcpUrl || STITCH_MCP_URL;
+    const resolvedPostmanApiKey = normalizePostmanApiKey(process.env[postmanApiKeyEnvVar]);
+    const resolvedStitchApiKey = normalizePostmanApiKey(process.env[stitchApiKeyEnvVar]);
     const mcpDefinitionPath = resolvePostmanMcpDefinitionPath({
         platform,
         scope: mcpScope,
@@ -4765,6 +4870,7 @@ async function applyPostmanConfigArtifacts({ platform, mcpScope, configValue, dr
     });
     const mcpDefinitionContent = `${JSON.stringify(buildPostmanMcpDefinition({
         apiKeyEnvVar: postmanApiKeyEnvVar,
+        apiKey: resolvedPostmanApiKey,
         mcpUrl: postmanMcpUrl,
     }), null, 2)}\n`;
     const mcpDefinitionResult = await writeGeneratedArtifact({
@@ -4781,6 +4887,7 @@ async function applyPostmanConfigArtifacts({ platform, mcpScope, configValue, dr
         });
         const stitchMcpDefinitionContent = `${JSON.stringify(buildStitchMcpDefinition({
             apiKeyEnvVar: stitchApiKeyEnvVar,
+            apiKey: resolvedStitchApiKey,
             mcpUrl: stitchMcpUrl,
         }), null, 2)}\n`;
         stitchMcpDefinitionResult = await writeGeneratedArtifact({