@eightstate/escli 0.7.1 → 0.8.0

package/dist/lib/notion/comments/shared.js

@@ -6,7 +6,7 @@ import { BaseCommand } from '../../../base-command.js';
 import { writeStderr, writeStdout } from '../../../io/io.js';
 import { renderTrailer } from '../../../io/render-trailer.js';
 import { EscliError } from '../../../lib/escli-error.js';
-import { NOTION_VERSION } from '../../../services/notion.js';
+import { NOTION_VERSION, notionUsersList } from '../../../services/notion.js';
 import { hasManifestFlag } from '../manifest-pass.js';
 export const notionCommentErrors = [
     ErrorCode.UsageInvalid,
@@ -26,6 +26,7 @@ export const notionCommentErrors = [
     ErrorCode.ServiceUnavailable,
     ErrorCode.ApiError,
 ];
+const MAX_USER_PAGES = 5;
 export class NotionCommentsCommand extends BaseCommand {
     rawMode = false;
     nextToken = null;
@@ -170,13 +171,44 @@ export function shapeReceipt(result, fallback) {
         created_time: formatCreated(stringValue(data?.created_time)),
         body,
         warning: partial ? 'partial_comment_response' : undefined,
+        warnings: fallback.warnings,
     };
 }
 export function createBodyFromMarkdown(target, markdown) {
-    return { parent: target.kind === 'block' ? { block_id: target.id } : { page_id: target.id }, markdown };
+    return { parent: target.kind === 'block' ? { block_id: target.id } : { page_id: target.id }, markdown: escapeUnsupportedCustomEmojiMarkdown(markdown) };
+}
+export function createBodyWithRichTextMentions(target, markdown, mentions) {
+    return { parent: target.kind === 'block' ? { block_id: target.id } : { page_id: target.id }, rich_text: richTextFromMentions(markdown, mentions) };
 }
 export function replyBodyFromMarkdown(discussionId, markdown) {
-    return { discussion_id: discussionId, markdown };
+    return { discussion_id: discussionId, markdown: escapeUnsupportedCustomEmojiMarkdown(markdown) };
+}
+export function replyBodyWithRichTextMentions(discussionId, markdown, mentions) {
+    return { discussion_id: discussionId, rich_text: richTextFromMentions(markdown, mentions) };
+}
+export async function resolveCommentMentions(markdown, specs) {
+    const tokens = Array.from(new Set(specs.flatMap((spec) => splitMentionSpec(spec))));
+    if (tokens.length === 0)
+        return { mentions: [], warnings: [] };
+    const users = await listNotionUsers();
+    const mentions = [];
+    const warnings = [];
+    for (const token of tokens) {
+        const user = resolveUserToken(token, users);
+        if (!user) {
+            warnings.push(`mention not resolved: ${token}`);
+            continue;
+        }
+        const display = user.name ?? user.email ?? user.id;
+        mentions.push({ token, userId: user.id, display });
+        const atToken = token.startsWith('@') ? token : `@${token}`;
+        if (!markdown.includes(atToken) && !markdown.includes(user.id))
+            warnings.push(`mention resolved but no ${atToken} placeholder found; prepending mention`);
+    }
+    return { mentions, warnings };
+}
+export function escapeUnsupportedCustomEmojiMarkdown(markdown) {
+    return markdown.replace(/(?<!\\):([\p{Letter}\p{Number}_+-]+):/gu, '\\:$1\\:');
 }
 export function joinMarkdown(value) {
     const markdown = Array.isArray(value) ? value.join(' ') : value ?? '';
@@ -185,9 +217,101 @@ export function joinMarkdown(value) {
     }
     return markdown;
 }
+export function richTextFromMentions(markdown, mentions) {
+    if (mentions.length === 0)
+        return [{ type: 'text', text: { content: markdown } }];
+    const richText = [];
+    let remaining = markdown;
+    const sorted = [...mentions].sort((a, b) => b.token.length - a.token.length);
+    while (remaining.length > 0) {
+        const next = nextMentionMatch(remaining, sorted);
+        if (!next) {
+            appendText(richText, remaining);
+            remaining = '';
+            break;
+        }
+        if (next.index > 0)
+            appendText(richText, remaining.slice(0, next.index));
+        appendMention(richText, next.mention);
+        remaining = remaining.slice(next.index + next.match.length);
+    }
+    const missing = mentions.filter((mention) => !markdown.includes(mention.token.startsWith('@') ? mention.token : `@${mention.token}`) && !markdown.includes(mention.userId));
+    if (missing.length > 0) {
+        const prefix = [];
+        for (const mention of missing) {
+            appendMention(prefix, mention);
+            appendText(prefix, ' ');
+        }
+        return [...prefix, ...richText];
+    }
+    return richText;
+}
+export function splitMentionSpec(spec) {
+    return spec.split(',').map((item) => item.trim()).filter(Boolean);
+}
 export function kvEntries(input) {
     return Object.entries(input).filter(([, value]) => value !== undefined && value !== null && value !== '');
 }
+function nextMentionMatch(markdown, mentions) {
+    let best;
+    for (const mention of mentions) {
+        const candidates = [mention.token.startsWith('@') ? mention.token : `@${mention.token}`, mention.userId];
+        for (const candidate of candidates) {
+            const index = markdown.indexOf(candidate);
+            if (index === -1)
+                continue;
+            if (!best || index < best.index || (index === best.index && candidate.length > best.match.length))
+                best = { index, match: candidate, mention };
+        }
+    }
+    return best;
+}
+function appendText(richText, content) {
+    if (content.length === 0)
+        return;
+    richText.push({ type: 'text', text: { content } });
+}
+function appendMention(richText, mention) {
+    richText.push({ type: 'mention', mention: { type: 'user', user: { id: mention.userId } } });
+}
+async function listNotionUsers() {
+    const users = [];
+    let cursor;
+    for (let page = 0; page < MAX_USER_PAGES; page += 1) {
+        const result = await notionUsersList(cursor);
+        const data = recordValue(result.data);
+        users.push(...arrayValue(data?.results).map(shapeUser).filter((user) => Boolean(user)));
+        const next = stringValue(data?.next_cursor) ?? stringValue(result.meta.next);
+        if (!next || data?.has_more === false)
+            break;
+        cursor = next;
+    }
+    return users;
+}
+function shapeUser(value) {
+    const data = recordValue(value);
+    const id = stringValue(data?.id);
+    if (!id)
+        return undefined;
+    const person = recordValue(data?.person);
+    const type = data?.type === 'person' || data?.type === 'bot' ? data.type : undefined;
+    return { id, name: stringValue(data?.name), email: stringValue(person?.email), type };
+}
+function resolveUserToken(token, users) {
+    const normalized = token.replace(/^@/u, '').trim().toLowerCase();
+    if (!normalized)
+        return undefined;
+    if (isUuidLike(normalized))
+        return users.find((user) => user.id.toLowerCase() === normalizeId(normalized)) ?? { id: normalizeId(normalized) };
+    const exact = users.filter((user) => [user.name, user.email].some((value) => value?.toLowerCase() === normalized));
+    if (exact.length === 1)
+        return exact[0];
+    const loose = users.filter((user) => [user.name, user.email].some((value) => value?.toLowerCase().includes(normalized)));
+    return loose.length === 1 ? loose[0] : undefined;
+}
+function isUuidLike(value) {
+    return /^[0-9a-f]{32}$/iu.test(value) || /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/iu.test(value);
+}
 function shapeComment(value) {
     const data = recordValue(value);
     const parent = recordValue(data?.parent);

package/dist/lib/notion/page/content-common.js

@@ -328,7 +328,7 @@ export function buildEditBody(ops, allowDeletingContent) {
 export function buildReplaceBody(markdown, allowDeletingContent) {
     return {
         type: 'replace_content',
-        replace_content: { markdown },
+        replace_content: { new_str: markdown },
         ...(allowDeletingContent ? { allow_deleting_content: true } : {}),
     };
 }

package/dist/lib/registry.js

@@ -51,6 +51,11 @@ import NotionUpload from '../commands/notion/upload/index.js';
 import NotionUploadAttach from '../commands/notion/upload/attach.js';
 import NotionUploadStatus from '../commands/notion/upload/status.js';
 import NotionUploadList from '../commands/notion/upload/list.js';
+import McpTopic from '../commands/mcp/index.js';
+import McpRegister, { McpRegisterDataSchema } from '../commands/mcp/register.js';
+import McpServe, { McpServeDataSchema } from '../commands/mcp/serve.js';
+import McpStatus, { McpStatusDataSchema } from '../commands/mcp/status.js';
+import McpRevoke, { McpRevokeDataSchema } from '../commands/mcp/revoke.js';
 import { registerCommandMetadata } from './command-metadata.js';
 import { renderAuthLogin, renderAuthLogout, renderAuthProfiles, renderAuthStatus, renderAuthSwitch, renderDocsContent, renderDocsSearch, renderFetch, renderModelList, renderResearch, renderSearch, renderSocial, renderUsage, renderVersion, } from '../io/io.js';
 const asCommandClass = (c) => c;
@@ -107,6 +112,11 @@ const commandClasses = [
     { id: 'notion upload attach', command: asCommandClass(NotionUploadAttach) },
     { id: 'notion upload status', command: asCommandClass(NotionUploadStatus) },
     { id: 'notion upload list', command: asCommandClass(NotionUploadList) },
+    { id: 'mcp', command: asCommandClass(McpTopic) },
+    { id: 'mcp register', command: asCommandClass(McpRegister) },
+    { id: 'mcp serve', command: asCommandClass(McpServe) },
+    { id: 'mcp status', command: asCommandClass(McpStatus) },
+    { id: 'mcp revoke', command: asCommandClass(McpRevoke) },
 ];
 const aliasOverrides = new Map([
     ['image', ['img', 'i']],
@@ -143,6 +153,7 @@ const aliasOverrides = new Map([
     ['notion upload attach', ['notion file-upload attach']],
     ['notion upload status', ['notion file-upload status']],
     ['notion upload list', ['notion file-upload list', 'notion file-upload ls', 'notion upload ls']],
+    ['mcp', []],
 ]);
 const metadataEntries = [
     ['image', { inputSchema: z.object({}), dataSchema: z.object({}) }],
@@ -284,6 +295,31 @@ const metadataEntries = [
     ['notion upload attach', { inputSchema: z.object({}).passthrough(), dataSchema: z.unknown() }],
     ['notion upload status', { inputSchema: z.object({}).passthrough(), dataSchema: z.unknown() }],
     ['notion upload list', { inputSchema: z.object({}).passthrough(), dataSchema: z.unknown() }],
+    ['mcp', { inputSchema: z.object({}), dataSchema: z.object({}) }],
+    ['mcp register', { inputSchema: z.object({
+                root: z.string(),
+                slug: z.string().optional(),
+                port: z.number().int().optional(),
+                label: z.string().optional(),
+                'cf-account-id': z.string().optional(),
+                'cf-zone-id': z.string().optional(),
+                'cf-api-token': z.string().optional(),
+            }), dataSchema: McpRegisterDataSchema }],
+    ['mcp serve', { inputSchema: z.object({
+                root: z.string(),
+                slug: z.string().optional(),
+                port: z.number().int().optional(),
+                verbose: z.boolean().optional(),
+            }), dataSchema: McpServeDataSchema }],
+    ['mcp status', { inputSchema: z.object({ slug: z.string().optional() }), dataSchema: McpStatusDataSchema }],
+    ['mcp revoke', { inputSchema: z.object({
+                slug: z.string().optional(),
+                cloudflare: z.boolean().optional(),
+                yes: z.boolean().optional(),
+                'cf-account-id': z.string().optional(),
+                'cf-zone-id': z.string().optional(),
+                'cf-api-token': z.string().optional(),
+            }), dataSchema: McpRevokeDataSchema }],
 ];
 const metadata = new Map(metadataEntries);
 export const commandRegistry = commandClasses.map(({ id, command }) => buildRegistration(id, command));

package/dist/services/mcp/audit.js

@@ -0,0 +1,18 @@
+import { appendFile } from 'node:fs/promises';
+import { join } from 'node:path';
+import { ensureMcpDir, mcpLogsDir } from './config.js';
+export async function writeAuditRecord(slug, record) {
+    const dir = mcpLogsDir();
+    await ensureMcpDir(dir);
+    const safe = {
+        timestamp: record.timestamp ?? new Date().toISOString(),
+        tool: record.tool,
+        target: record.target,
+        status: record.status,
+        duration_ms: record.duration_ms,
+        bytes: record.bytes,
+        truncated: record.truncated,
+    };
+    await appendFile(join(dir, `${slug}.jsonl`), `${JSON.stringify(safe)}\n`, { mode: 0o600 });
+}
+//# sourceMappingURL=audit.js.map

package/dist/services/mcp/cloudflare.js

@@ -0,0 +1,91 @@
+import { ErrorCode } from '@eightstate/contracts/errors';
+import { ExitCodes } from '@eightstate/contracts/exit-codes';
+import { EscliError } from '../../lib/escli-error.js';
+import { parseJsonResponse, recordValue, stringValue, usageError } from './common.js';
+const CF_API_BASE = 'https://api.cloudflare.com/client/v4';
+export class CloudflareClient {
+    credentials;
+    constructor(input) {
+        this.credentials = resolveCloudflareCredentials(input);
+    }
+    async createTunnel(slug) {
+        const data = await this.request(`/accounts/${encodeURIComponent(this.credentials.accountId)}/cfd_tunnel`, 'POST', {
+            name: `eightstate-mcp-${slug}`,
+            config_src: 'cloudflare',
+        });
+        const result = recordValue(recordValue(data)?.result);
+        const id = stringValue(result?.id);
+        const token = stringValue(result?.token);
+        if (!id || !token)
+            throw cfInvalid('invalid Cloudflare tunnel response', data);
+        return { id, token };
+    }
+    async configureIngress(tunnelId, hostname, port) {
+        await this.request(`/accounts/${encodeURIComponent(this.credentials.accountId)}/cfd_tunnel/${encodeURIComponent(tunnelId)}/configurations`, 'PUT', {
+            config: {
+                ingress: [
+                    { hostname, service: `http://localhost:${port}`, originRequest: {} },
+                    { service: 'http_status:404' },
+                ],
+            },
+        });
+    }
+    async createDnsRecord(hostname, tunnelId) {
+        const data = await this.request(`/zones/${encodeURIComponent(this.credentials.zoneId)}/dns_records`, 'POST', {
+            type: 'CNAME',
+            proxied: true,
+            name: hostname,
+            content: `${tunnelId}.cfargotunnel.com`,
+        });
+        const result = recordValue(recordValue(data)?.result);
+        const id = stringValue(result?.id);
+        const name = stringValue(result?.name) ?? hostname;
+        if (!id)
+            throw cfInvalid('invalid Cloudflare DNS response', data);
+        return { id, name };
+    }
+    async deleteDnsRecord(dnsRecordId) {
+        await this.request(`/zones/${encodeURIComponent(this.credentials.zoneId)}/dns_records/${encodeURIComponent(dnsRecordId)}`, 'DELETE');
+    }
+    async deleteTunnel(tunnelId) {
+        await this.request(`/accounts/${encodeURIComponent(this.credentials.accountId)}/cfd_tunnel/${encodeURIComponent(tunnelId)}`, 'DELETE');
+    }
+    async request(path, method, body) {
+        let response;
+        try {
+            response = await fetch(`${CF_API_BASE}${path}`, {
+                method,
+                headers: {
+                    authorization: `Bearer ${this.credentials.apiToken}`,
+                    accept: 'application/json',
+                    ...(body === undefined ? {} : { 'content-type': 'application/json' }),
+                },
+                body: body === undefined ? undefined : JSON.stringify(body),
+            });
+        }
+        catch (error) {
+            throw new EscliError('Cloudflare API unavailable', { code: ErrorCode.NetworkError, exitCode: ExitCodes.Transient, details: error instanceof Error ? error.message : error });
+        }
+        const data = await parseJsonResponse(response);
+        if (!response.ok)
+            throw new EscliError(`Cloudflare API request failed (${response.status})`, { code: ErrorCode.ApiError, exitCode: ExitCodes.Transient, details: data });
+        return data;
+    }
+}
+export function resolveCloudflareCredentials(input) {
+    const accountId = input.accountId ?? process.env.CLOUDFLARE_ACCOUNT_ID;
+    const zoneId = input.zoneId ?? process.env.CLOUDFLARE_ZONE_ID;
+    const apiToken = input.apiToken ?? process.env.CLOUDFLARE_API_TOKEN;
+    const missing = [
+        accountId ? undefined : 'CLOUDFLARE_ACCOUNT_ID',
+        zoneId ? undefined : 'CLOUDFLARE_ZONE_ID',
+        apiToken ? undefined : 'CLOUDFLARE_API_TOKEN',
+    ].filter(Boolean);
+    if (!accountId || !zoneId || !apiToken)
+        throw usageError(`missing Cloudflare credentials: ${missing.join(', ')}`);
+    return { accountId, zoneId, apiToken };
+}
+function cfInvalid(message, details) {
+    return new EscliError(message, { code: ErrorCode.GateInvalidResponse, exitCode: ExitCodes.Transient, details });
+}
+//# sourceMappingURL=cloudflare.js.map

package/dist/services/mcp/cloudflared.js

@@ -0,0 +1,59 @@
+import { spawn } from 'node:child_process';
+import { access } from 'node:fs/promises';
+import { delimiter, join } from 'node:path';
+import { ErrorCode } from '@eightstate/contracts/errors';
+import { ExitCodes } from '@eightstate/contracts/exit-codes';
+import { EscliError } from '../../lib/escli-error.js';
+import { redactSecrets } from './common.js';
+export async function findCloudflared() {
+    const path = process.env.PATH ?? '';
+    for (const dir of path.split(delimiter)) {
+        if (!dir)
+            continue;
+        const candidate = join(dir, 'cloudflared');
+        try {
+            await access(candidate);
+            return candidate;
+        }
+        catch {
+            // continue searching PATH
+        }
+    }
+    throw new EscliError('cloudflared not found in PATH', {
+        code: ErrorCode.FileNotFound,
+        exitCode: ExitCodes.NotFound,
+        remediation: { command: 'brew install cloudflared' },
+    });
+}
+export async function startCloudflared(token, options) {
+    const binary = await findCloudflared();
+    const child = spawn(binary, ['tunnel', '--no-autoupdate', 'run', '--token', token], { stdio: ['ignore', 'pipe', 'pipe'] });
+    let stopping = false;
+    const logChunk = (chunk) => options.log?.(redactSecrets(chunk.toString('utf8'), [token]));
+    child.stdout.on('data', logChunk);
+    child.stderr.on('data', logChunk);
+    child.on('exit', (code, signal) => {
+        if (!stopping)
+            options.onExit(code, signal);
+    });
+    return {
+        child,
+        stop: () => new Promise((resolve) => {
+            if (child.exitCode !== null || child.signalCode !== null) {
+                resolve();
+                return;
+            }
+            stopping = true;
+            const timer = setTimeout(() => {
+                child.kill('SIGKILL');
+                resolve();
+            }, 3000);
+            child.once('exit', () => {
+                clearTimeout(timer);
+                resolve();
+            });
+            child.kill('SIGTERM');
+        }),
+    };
+}
+//# sourceMappingURL=cloudflared.js.map

package/dist/services/mcp/common.js

@@ -0,0 +1,65 @@
+import { ErrorCode } from '@eightstate/contracts/errors';
+import { ExitCodes } from '@eightstate/contracts/exit-codes';
+import { EscliError } from '../../lib/escli-error.js';
+export const DEFAULT_GATE_URL = 'https://internal.eightstate.co';
+export const DEFAULT_MCP_DOMAIN = 'eightstate.co';
+export const MCP_AUTH_SERVER = 'https://internal.eightstate.co';
+export function configError(message, details) {
+    return new EscliError(message, { code: ErrorCode.ConfigInvalid, exitCode: ExitCodes.Error, details });
+}
+export function usageError(message, details) {
+    return new EscliError(message, { code: ErrorCode.UsageInvalid, exitCode: ExitCodes.Usage, details });
+}
+export function authRequired(message = 'not authenticated') {
+    return new EscliError(message, {
+        code: ErrorCode.AuthRequired,
+        exitCode: ExitCodes.Auth,
+        remediation: { command: 'escli auth login' },
+    });
+}
+export function gateUrl() {
+    return stripTrailingSlash(process.env.ESCLI_GATE_URL ?? DEFAULT_GATE_URL);
+}
+export function stripTrailingSlash(value) {
+    return value.replace(/\/+$/u, '');
+}
+export async function parseJsonResponse(response) {
+    const text = await response.text();
+    if (!text)
+        return {};
+    try {
+        return JSON.parse(text);
+    }
+    catch {
+        return text;
+    }
+}
+export function recordValue(value) {
+    return value && typeof value === 'object' && !Array.isArray(value) ? value : undefined;
+}
+export function stringValue(value) {
+    return typeof value === 'string' && value.length > 0 ? value : undefined;
+}
+export function numberValue(value) {
+    return typeof value === 'number' && Number.isFinite(value) ? value : undefined;
+}
+export function maskSecret(value) {
+    if (!value)
+        return '';
+    return value.length > 12 ? `${value.slice(0, 6)}…${value.slice(-4)}` : '***';
+}
+export function redactSecrets(text, secrets = []) {
+    let redacted = text;
+    for (const secret of secrets) {
+        if (secret)
+            redacted = redacted.split(secret).join('[redacted]');
+    }
+    return redacted
+        .replace(/mcp_at_[A-Za-z0-9_-]+/gu, 'mcp_at_[redacted]')
+        .replace(/mcp_ms_[A-Za-z0-9_-]+/gu, 'mcp_ms_[redacted]')
+        .replace(/eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/gu, 'jwt_[redacted]');
+}
+export function isNodeError(error) {
+    return error instanceof Error && 'code' in error;
+}
+//# sourceMappingURL=common.js.map

package/dist/services/mcp/config.js

@@ -0,0 +1,131 @@
+import { chmod, mkdir, readdir, readFile, realpath, rename, rm, stat, writeFile } from 'node:fs/promises';
+import { homedir } from 'node:os';
+import { dirname, join, relative, resolve } from 'node:path';
+import { McpLocalConfigSchema } from '@eightstate/contracts';
+import { configError, isNodeError } from './common.js';
+const MACHINE_DIR_MODE = 0o700;
+const MACHINE_FILE_MODE = 0o600;
+export function escliConfigDir() {
+    return process.env.ESCLI_CONFIG_DIR ?? join(homedir(), '.escli');
+}
+export function mcpConfigDir() {
+    return join(escliConfigDir(), 'mcp');
+}
+export function mcpMachinesDir() {
+    return join(mcpConfigDir(), 'machines');
+}
+export function mcpLogsDir() {
+    return join(mcpConfigDir(), 'logs');
+}
+export function machineConfigPath(slug) {
+    assertSafeSlug(slug);
+    return join(mcpMachinesDir(), `${slug}.json`);
+}
+export async function ensureMcpDir(path) {
+    await mkdir(path, { recursive: true, mode: MACHINE_DIR_MODE });
+    for (const dir of mcpParentDirs(path))
+        await chmod(dir, MACHINE_DIR_MODE).catch(() => { });
+}
+export async function writeMachineConfig(config) {
+    const parsed = McpLocalConfigSchema.parse(config);
+    const path = machineConfigPath(parsed.slug);
+    await ensureMcpDir(dirname(path));
+    const tempPath = join(dirname(path), `.${parsed.slug}.${process.pid}.${Date.now()}.tmp`);
+    const body = `${JSON.stringify(parsed, null, 2)}\n`;
+    try {
+        await writeFile(tempPath, body, { mode: MACHINE_FILE_MODE, flag: 'wx' });
+        await chmod(tempPath, MACHINE_FILE_MODE);
+        await rename(tempPath, path);
+        await chmod(path, MACHINE_FILE_MODE);
+        return path;
+    }
+    catch (error) {
+        await rm(tempPath, { force: true }).catch(() => { });
+        throw error;
+    }
+}
+export async function readMachineConfig(slug) {
+    const path = machineConfigPath(slug);
+    let raw;
+    try {
+        raw = await readFile(path, 'utf8');
+    }
+    catch (error) {
+        if (isNodeError(error) && error.code === 'ENOENT')
+            throw configError(`MCP machine '${slug}' not found`, path);
+        throw configError('failed to read MCP config', path);
+    }
+    try {
+        return McpLocalConfigSchema.parse(JSON.parse(raw));
+    }
+    catch (error) {
+        throw configError('invalid MCP machine config', { path, error });
+    }
+}
+export async function listMachineConfigs() {
+    let entries;
+    try {
+        entries = await readdir(mcpMachinesDir());
+    }
+    catch (error) {
+        if (isNodeError(error) && error.code === 'ENOENT')
+            return [];
+        throw configError('failed to list MCP machine configs', mcpMachinesDir());
+    }
+    const configs = [];
+    for (const entry of entries.filter((name) => name.endsWith('.json')).sort()) {
+        const slug = entry.slice(0, -'.json'.length);
+        configs.push(await readMachineConfig(slug));
+    }
+    return configs;
+}
+export async function deleteMachineConfig(slug) {
+    const path = machineConfigPath(slug);
+    try {
+        await rm(path);
+        return true;
+    }
+    catch (error) {
+        if (isNodeError(error) && error.code === 'ENOENT')
+            return false;
+        throw configError('failed to delete MCP machine config', path);
+    }
+}
+export async function resolveMachineConfig(slug) {
+    if (slug)
+        return readMachineConfig(slug);
+    const configs = await listMachineConfigs();
+    if (configs.length === 1)
+        return configs[0];
+    if (configs.length === 0)
+        throw configError('no MCP machines registered', { remediation: 'escli mcp register --root <dir>' });
+    throw configError('multiple MCP machines registered; pass --slug', { slugs: configs.map((config) => config.slug) });
+}
+export async function validateRootDirectory(root) {
+    const resolved = resolve(root);
+    const real = await realpath(resolved);
+    const info = await stat(real);
+    if (!info.isDirectory())
+        throw configError('--root must be a directory', root);
+    return real;
+}
+function assertSafeSlug(slug) {
+    if (!/^[a-z0-9][a-z0-9-]*[a-z0-9]$|^[a-z0-9]$/u.test(slug))
+        throw configError('invalid MCP machine slug', slug);
+}
+function mcpParentDirs(path) {
+    const base = resolve(escliConfigDir());
+    const target = resolve(path);
+    const rel = relative(base, target);
+    if (rel.startsWith('..'))
+        return [target];
+    const dirs = [base];
+    const parts = rel.split(/[\\/]+/u).filter(Boolean);
+    let current = base;
+    for (const part of parts) {
+        current = join(current, part);
+        dirs.push(current);
+    }
+    return dirs;
+}
+//# sourceMappingURL=config.js.map