@floomhq/skills 0.2.5 → 0.2.6

package/dist/index.js

@@ -2430,7 +2430,7 @@ function isLegacyApiUrl(apiUrl) {
 }
 
 // src/version.ts
-var VERSION = "0.2.5";
+var VERSION = "0.2.6";
 
 // src/api-client.ts
 var DEFAULT_TIMEOUT_MS = 2e4;
@@ -3405,14 +3405,19 @@ async function fetchWithTimeout2(url, init = {}) {
     clearTimeout(timer);
   }
 }
-async function resolveToken() {
+async function resolveOptionalToken() {
   const fromEnv = process.env.FLOOM_API_TOKEN?.trim();
   if (fromEnv) return fromEnv;
   const auth = await readAuth();
   if (auth?.token) return auth.token;
+  return null;
+}
+async function resolveRequiredToken() {
+  const token = await resolveOptionalToken();
+  if (token) return token;
   throw new Error("Authentication required. Run `floom login` or set FLOOM_API_TOKEN.");
 }
-async function apiWithToken(token, path, query) {
+async function apiRequest(token, path, query) {
   const auth = await readAuth();
   let lastError = null;
   for (const base of getApiBaseUrls(auth?.apiUrl)) {
@@ -3423,7 +3428,10 @@ async function apiWithToken(token, path, query) {
     let res;
     try {
       res = await fetchWithTimeout2(url, {
-        headers: { Authorization: `Bearer ${token}`, "Content-Type": "application/json" }
+        headers: {
+          ...token ? { Authorization: `Bearer ${token}` } : {},
+          "Content-Type": "application/json"
+        }
       });
     } catch (e) {
       lastError = new Error(`Unable to reach Floom API at ${base}: ${e.message}`);
@@ -3445,8 +3453,8 @@ async function apiWithToken(token, path, query) {
 async function installViaApi(token, refText, target) {
   const parsed = parseSkillRef(refText);
   if (!parsed) throw new Error(`Invalid ref: ${refText}`);
-  const info = await apiWithToken(token, `/skills/${parsed.owner}/${parsed.slug}`);
-  const dl = await apiWithToken(token, `/skills/${parsed.owner}/${parsed.slug}/download`, parsed.version ? { version: parsed.version } : void 0);
+  const info = await apiRequest(token, `/skills/${parsed.owner}/${parsed.slug}`);
+  const dl = await apiRequest(token, `/skills/${parsed.owner}/${parsed.slug}/download`, parsed.version ? { version: parsed.version } : void 0);
   const bundle = await rawGet(dl.download.url);
   if (!verifyBundleHash(bundle, dl.bundle_sha256)) throw new Error("Bundle hash mismatch");
   const install = resolveInstallDir({ target });
@@ -3503,30 +3511,30 @@ async function parseSkillBundle(bundle) {
 async function mcpCommand() {
   const server = new McpServer({ name: "floom", version: VERSION });
   server.tool("search_skills", { query: z2.string().min(1), workspace: z2.string().optional(), library: z2.string().optional() }, async ({ query, workspace, library }) => {
-    const token = await resolveToken();
+    const token = await resolveRequiredToken();
     const workspaceSlug = workspace ?? library;
-    const result = await apiWithToken(token, "/skills", { q: query, ...workspaceSlug ? { library: workspaceSlug } : {} });
+    const result = await apiRequest(token, "/skills", { q: query, ...workspaceSlug ? { library: workspaceSlug } : {} });
     return { content: [{ type: "text", text: JSON.stringify(result) }] };
   });
   server.tool("get_skill", { ref: z2.string().min(3) }, async ({ ref }) => {
-    const token = await resolveToken();
+    const token = await resolveOptionalToken();
     const parsed = parseSkillRef(ref);
     if (!parsed) throw new Error("Invalid ref. Expected @owner/slug or workspace/slug");
-    const meta = await apiWithToken(token, `/skills/${parsed.owner}/${parsed.slug}`);
-    const dl = await apiWithToken(token, `/skills/${parsed.owner}/${parsed.slug}/download`);
+    const meta = await apiRequest(token, `/skills/${parsed.owner}/${parsed.slug}`);
+    const dl = await apiRequest(token, `/skills/${parsed.owner}/${parsed.slug}/download`);
     const buf = await rawGet(dl.download.url);
     const parsedBundle = await parseSkillBundle(buf);
     return { content: [{ type: "text", text: JSON.stringify({ ref, meta, ...parsedBundle }) }] };
   });
   async function listWorkspaces() {
-    const token = await resolveToken();
-    const result = await apiWithToken(token, "/libraries");
+    const token = await resolveRequiredToken();
+    const result = await apiRequest(token, "/libraries");
     return { content: [{ type: "text", text: JSON.stringify(result) }] };
   }
   server.tool("list_workspaces", {}, listWorkspaces);
   server.tool("list_libraries", {}, listWorkspaces);
   server.tool("install_skill", { ref: z2.string().min(3), target: z2.enum(["claude", "codex", "cursor", "kimi", "opencode", "gemini"]) }, async ({ ref, target }) => {
-    const token = await resolveToken();
+    const token = await resolveOptionalToken();
     const installed = await installViaApi(token, ref, target);
     return { content: [{ type: "text", text: JSON.stringify(installed) }] };
   });
@@ -3568,26 +3576,35 @@ function warn(name, detail) {
 function fail(name, detail) {
   return { name, ok: false, detail };
 }
+async function validateCurrentToken(token) {
+  if (!token) return warn("fresh_agent_auth", "missing token; authenticated MCP calls skipped");
+  try {
+    const me = await api("/me", { authRequired: true });
+    return pass("fresh_agent_auth", `@${me.user.handle}`);
+  } catch (e) {
+    return warn("fresh_agent_auth", `saved login rejected; authenticated MCP calls skipped: ${e.message}`);
+  }
+}
 async function doctorCommand(opts = {}) {
   if (!opts.freshAgent) {
     const auth2 = await readAuth();
     const rawAuth = await readRawAuth();
-    let authCheck;
+    let authCheck2;
     const envToken = process.env.FLOOM_API_TOKEN?.trim();
     if (!auth2?.token && !envToken) {
-      authCheck = fail("auth", "not logged in");
+      authCheck2 = fail("auth", "not logged in");
     } else {
       try {
         const me = await api("/me", { authRequired: true });
         const authSource = envToken ? "FLOOM_API_TOKEN" : "~/.floom/auth.json";
-        authCheck = pass("auth", `@${me.user.handle} via ${authSource}`);
+        authCheck2 = pass("auth", `@${me.user.handle} via ${authSource}`);
       } catch (e) {
-        authCheck = fail("auth", `saved login rejected by API: ${e.message}`);
+        authCheck2 = fail("auth", `saved login rejected by API: ${e.message}`);
       }
     }
     const checks2 = [
       pass("cli_version", VERSION),
-      authCheck,
+      authCheck2,
       process.env.FLOOM_API_URL ? isLegacyApiUrl(process.env.FLOOM_API_URL) ? warn("api_url", `legacy FLOOM_API_URL ${process.env.FLOOM_API_URL}; using ${DEFAULT_API_URL}`) : pass("api_url", process.env.FLOOM_API_URL) : isLegacyApiUrl(rawAuth?.apiUrl) ? warn("auth_api_url", `legacy URL in ~/.floom/auth.json; using ${DEFAULT_API_URL}`) : pass("api_url", auth2?.apiUrl ?? DEFAULT_API_URL)
     ];
     emitDoctor(checks2, opts.json);
@@ -3597,9 +3614,9 @@ async function doctorCommand(opts = {}) {
   const checks = [];
   const auth = await readAuth();
   const token = process.env.FLOOM_API_TOKEN?.trim() || auth?.token;
-  if (!token) {
-    checks.push(warn("fresh_agent_auth", "missing token; API-backed tool calls skipped"));
-  }
+  const authCheck = await validateCurrentToken(token);
+  const hasValidToken = authCheck.ok && authCheck.status !== "warn" && Boolean(token);
+  checks.push(authCheck);
   const cliPath = process.argv[1];
   if (!cliPath) {
     checks.push(fail("fresh_agent_cli_path", "process.argv[1] is empty"));
@@ -3617,7 +3634,7 @@ async function doctorCommand(opts = {}) {
       ...process.env,
       HOME: tmpHome,
       FLOOM_SKILLS_DIR: tmpSkills,
-      ...token ? { FLOOM_API_TOKEN: token } : {},
+      ...hasValidToken && token ? { FLOOM_API_TOKEN: token } : {},
       ...process.env.FLOOM_API_URL ? { FLOOM_API_URL: normalizeApiUrl(process.env.FLOOM_API_URL) } : auth?.apiUrl ? { FLOOM_API_URL: auth.apiUrl } : {}
     },
     stderr: "pipe"
@@ -3627,38 +3644,29 @@ async function doctorCommand(opts = {}) {
     await client.connect(transport);
     const tools = await client.listTools();
     const toolNames = tools.tools.map((tool) => tool.name).sort();
-    const expected = ["get_skill", "install_skill", "list_workspaces", "search_skills"];
+    const expected = ["get_skill", "install_skill", "list_libraries", "list_workspaces", "search_skills"];
     const missing = expected.filter((name) => !toolNames.includes(name));
     checks.push(missing.length === 0 ? pass("mcp_tools", toolNames.join(", ")) : fail("mcp_tools", `missing ${missing.join(", ")}`));
-    if (!token) {
-      checks.push(warn("mcp_api_calls", "skipped because no FLOOM_API_TOKEN or ~/.floom/auth.json was available"));
-      emitDoctor(checks, opts.json);
-      return;
-    }
-    const workspaces = await client.callTool({ name: "list_workspaces", arguments: {} });
-    const workspaceError = toolError(workspaces);
-    const workspaceCount = jsonArrayLength(workspaces, "libraries");
-    const workspacesOk = !workspaceError && workspaceCount !== null;
-    checks.push(workspacesOk ? pass("mcp_list_workspaces", `${workspaceCount} workspaces`) : fail("mcp_list_workspaces", workspaceError ?? "unexpected response shape"));
-    const search = await client.callTool({ name: "search_skills", arguments: { query: opts.query ?? "pdf" } });
-    const searchError = toolError(search);
-    const skillCount = jsonArrayLength(search, "skills");
-    const searchOk = !searchError && skillCount !== null;
-    checks.push(searchOk ? pass("mcp_search_skills", `${skillCount} skills`) : fail("mcp_search_skills", searchError ?? "unexpected response shape"));
-    if (opts.ref) {
-      if (!workspacesOk || !searchOk) {
-        checks.push(warn("mcp_get_skill", "skipped because authenticated MCP API prechecks failed"));
-        checks.push(warn("mcp_install_skill", "skipped because authenticated MCP API prechecks failed"));
-        emitDoctor(checks, opts.json);
-        if (checks.some((check) => !check.ok)) process.exit(1);
-        return;
-      }
-      const skill = await client.callTool({ name: "get_skill", arguments: { ref: opts.ref } });
-      checks.push(/SKILL\.md/.test(textOf(skill)) ? pass("mcp_get_skill", opts.ref) : fail("mcp_get_skill", "bundle did not include SKILL.md"));
-      const installed = await client.callTool({ name: "install_skill", arguments: { ref: opts.ref, target: opts.target ?? "codex" } });
-      const entries = await readdir5(tmpSkills);
-      checks.push(entries.length > 0 ? pass("mcp_install_skill", textOf(installed)) : fail("mcp_install_skill", "target directory is empty"));
+    if (hasValidToken) {
+      const workspaces = await client.callTool({ name: "list_workspaces", arguments: {} });
+      const workspaceError = toolError(workspaces);
+      const workspaceCount = jsonArrayLength(workspaces, "libraries");
+      const workspacesOk = !workspaceError && workspaceCount !== null;
+      checks.push(workspacesOk ? pass("mcp_list_workspaces", `${workspaceCount} workspaces`) : fail("mcp_list_workspaces", workspaceError ?? "unexpected response shape"));
+      const search = await client.callTool({ name: "search_skills", arguments: { query: opts.query ?? "pdf" } });
+      const searchError = toolError(search);
+      const skillCount = jsonArrayLength(search, "skills");
+      const searchOk = !searchError && skillCount !== null;
+      checks.push(searchOk ? pass("mcp_search_skills", `${skillCount} skills`) : fail("mcp_search_skills", searchError ?? "unexpected response shape"));
+    } else {
+      checks.push(warn("mcp_authenticated_tools", "skipped list_workspaces/search_skills because no valid token is available"));
     }
+    const ref = opts.ref ?? "floom-demo/brand-voice";
+    const skill = await client.callTool({ name: "get_skill", arguments: { ref } });
+    checks.push(/SKILL\.md/.test(textOf(skill)) ? pass("mcp_get_skill", ref) : fail("mcp_get_skill", "bundle did not include SKILL.md"));
+    const installed = await client.callTool({ name: "install_skill", arguments: { ref, target: opts.target ?? "codex" } });
+    const entries = await readdir5(tmpSkills);
+    checks.push(entries.length > 0 ? pass("mcp_install_skill", textOf(installed)) : fail("mcp_install_skill", "target directory is empty"));
   } catch (e) {
     checks.push(fail("fresh_agent_mcp", e.message));
   } finally {