@gethmy/mcp 2.9.3 → 2.9.5

package/dist/lib/api-client.js

@@ -14,6 +14,202 @@ var __export = (target, all) => {
 };
 var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
 
+// src/config.ts
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+function getConfigDir() {
+  return join(homedir(), ".harmony-mcp");
+}
+function getConfigPath() {
+  return join(getConfigDir(), "config.json");
+}
+function getLocalConfigPath(cwd) {
+  return join(cwd || process.cwd(), LOCAL_CONFIG_FILENAME);
+}
+function emptyConfig() {
+  return {
+    apiKey: null,
+    apiUrl: DEFAULT_API_URL,
+    activeWorkspaceId: null,
+    activeProjectId: null,
+    userEmail: null,
+    memoryDir: null,
+    oauthAccessToken: null,
+    oauthRefreshToken: null,
+    oauthExpiresAt: null,
+    oauthClientId: null
+  };
+}
+function loadConfig() {
+  const configPath = getConfigPath();
+  if (!existsSync(configPath)) {
+    return emptyConfig();
+  }
+  try {
+    const data = readFileSync(configPath, "utf-8");
+    const config = JSON.parse(data);
+    return {
+      apiKey: config.apiKey || null,
+      apiUrl: config.apiUrl || DEFAULT_API_URL,
+      activeWorkspaceId: config.activeWorkspaceId || null,
+      activeProjectId: config.activeProjectId || null,
+      userEmail: config.userEmail || null,
+      memoryDir: config.memoryDir || null,
+      oauthAccessToken: config.oauthAccessToken || null,
+      oauthRefreshToken: config.oauthRefreshToken || null,
+      oauthExpiresAt: typeof config.oauthExpiresAt === "number" ? config.oauthExpiresAt : null,
+      oauthClientId: config.oauthClientId || null
+    };
+  } catch {
+    return emptyConfig();
+  }
+}
+function saveConfig(config) {
+  const configDir = getConfigDir();
+  const configPath = getConfigPath();
+  if (!existsSync(configDir)) {
+    mkdirSync(configDir, { recursive: true, mode: 448 });
+  }
+  const existingConfig = loadConfig();
+  const newConfig = { ...existingConfig, ...config };
+  writeFileSync(configPath, JSON.stringify(newConfig, null, 2), {
+    mode: 384
+  });
+}
+function loadLocalConfig(cwd) {
+  const localConfigPath = getLocalConfigPath(cwd);
+  if (!existsSync(localConfigPath)) {
+    return null;
+  }
+  try {
+    const data = readFileSync(localConfigPath, "utf-8");
+    const config = JSON.parse(data);
+    return {
+      workspaceId: config.workspaceId || null,
+      projectId: config.projectId || null
+    };
+  } catch {
+    return null;
+  }
+}
+function saveLocalConfig(config, cwd) {
+  const localConfigPath = getLocalConfigPath(cwd);
+  const existingConfig = loadLocalConfig(cwd) || {
+    workspaceId: null,
+    projectId: null
+  };
+  const newConfig = { ...existingConfig, ...config };
+  const cleanConfig = {};
+  if (newConfig.workspaceId)
+    cleanConfig.workspaceId = newConfig.workspaceId;
+  if (newConfig.projectId)
+    cleanConfig.projectId = newConfig.projectId;
+  writeFileSync(localConfigPath, JSON.stringify(cleanConfig, null, 2));
+}
+function hasLocalConfig(cwd) {
+  return existsSync(getLocalConfigPath(cwd));
+}
+function getActiveCredential() {
+  const config = loadConfig();
+  if (config.oauthAccessToken)
+    return config.oauthAccessToken;
+  if (config.apiKey)
+    return config.apiKey;
+  throw new Error(`Not configured. Run "npx @gethmy/mcp setup" to connect Harmony.
+` + "Setup authorizes in your browser — no API key handling required.");
+}
+function getApiKey() {
+  return getActiveCredential();
+}
+function getApiUrl() {
+  const config = loadConfig();
+  return config.apiUrl;
+}
+function getUserEmail() {
+  const config = loadConfig();
+  return config.userEmail;
+}
+function setUserEmail(email) {
+  saveConfig({ userEmail: email });
+}
+function setActiveWorkspace(workspaceId, options) {
+  if (options?.local) {
+    saveLocalConfig({ workspaceId }, options.cwd);
+  } else {
+    saveConfig({ activeWorkspaceId: workspaceId });
+  }
+}
+function setActiveProject(projectId, options) {
+  if (options?.local) {
+    saveLocalConfig({ projectId }, options.cwd);
+  } else {
+    saveConfig({ activeProjectId: projectId });
+  }
+}
+function getActiveWorkspaceId(cwd) {
+  const localConfig = loadLocalConfig(cwd);
+  if (localConfig?.workspaceId) {
+    return localConfig.workspaceId;
+  }
+  return loadConfig().activeWorkspaceId;
+}
+function getActiveProjectId(cwd) {
+  const localConfig = loadLocalConfig(cwd);
+  if (localConfig?.projectId) {
+    return localConfig.projectId;
+  }
+  return loadConfig().activeProjectId;
+}
+function isConfigured() {
+  const config = loadConfig();
+  return !!(config.apiKey || config.oauthAccessToken);
+}
+function areSkillsInstalled(cwd) {
+  const home = homedir();
+  const workingDir = cwd || process.cwd();
+  const foundPaths = [];
+  const globalSkillsDir = join(home, ".agents", "skills");
+  const globalSkillPath = join(globalSkillsDir, "hmy", "SKILL.md");
+  if (existsSync(globalSkillPath)) {
+    foundPaths.push(globalSkillPath);
+    return { installed: true, location: "global", paths: foundPaths };
+  }
+  const claudeGlobalSkill = join(home, ".claude", "skills", "hmy.md");
+  if (existsSync(claudeGlobalSkill)) {
+    foundPaths.push(claudeGlobalSkill);
+    return { installed: true, location: "global", paths: foundPaths };
+  }
+  const claudeGlobalSkillAlt = join(home, ".claude", "skills", "hmy", "SKILL.md");
+  if (existsSync(claudeGlobalSkillAlt)) {
+    foundPaths.push(claudeGlobalSkillAlt);
+    return { installed: true, location: "global", paths: foundPaths };
+  }
+  const localSkillPath = join(workingDir, ".claude", "skills", "hmy.md");
+  if (existsSync(localSkillPath)) {
+    foundPaths.push(localSkillPath);
+    return { installed: true, location: "local", paths: foundPaths };
+  }
+  const localSkillPathAlt = join(workingDir, ".claude", "skills", "hmy", "SKILL.md");
+  if (existsSync(localSkillPathAlt)) {
+    foundPaths.push(localSkillPathAlt);
+    return { installed: true, location: "local", paths: foundPaths };
+  }
+  return { installed: false, location: null, paths: [] };
+}
+function hasProjectContext(cwd) {
+  const localConfig = loadLocalConfig(cwd);
+  return !!(localConfig?.workspaceId || localConfig?.projectId);
+}
+function getMemoryDir() {
+  const config = loadConfig();
+  if (config.memoryDir)
+    return config.memoryDir;
+  return join(homedir(), ".harmony", "memory");
+}
+var DEFAULT_API_URL = "https://app.gethmy.com/api", LOCAL_CONFIG_FILENAME = ".harmony-mcp.json";
+var init_config = () => {};
+
 // src/prompt-builder.ts
 var exports_prompt_builder = {};
 __export(exports_prompt_builder, {
@@ -504,193 +700,139 @@ var init_prompt_builder = __esm(() => {
   };
 });
 
-// src/config.ts
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
-import { homedir } from "node:os";
-import { join } from "node:path";
-var DEFAULT_API_URL = "https://app.gethmy.com/api";
-var LOCAL_CONFIG_FILENAME = ".harmony-mcp.json";
-function getConfigDir() {
-  return join(homedir(), ".harmony-mcp");
+// src/oauth-login.ts
+function oauthBaseFromApiUrl(apiUrl) {
+  return `${new URL(apiUrl).origin}/oauth`;
 }
-function getConfigPath() {
-  return join(getConfigDir(), "config.json");
+var MCP_RESOURCE_URL, LOGIN_TIMEOUT_MS;
+var init_oauth_login = __esm(() => {
+  MCP_RESOURCE_URL = process.env.HARMONY_MCP_RESOURCE || "https://mcp.gethmy.com";
+  LOGIN_TIMEOUT_MS = 5 * 60 * 1000;
+});
+
+// src/oauth-refresh.ts
+var exports_oauth_refresh = {};
+__export(exports_oauth_refresh, {
+  refreshOAuthToken: () => refreshOAuthToken
+});
+import {
+  closeSync,
+  openSync,
+  renameSync,
+  rmSync,
+  statSync,
+  writeSync
+} from "node:fs";
+import { join as join2 } from "node:path";
+function lockPath() {
+  return join2(getConfigDir(), LOCK_FILENAME);
 }
-function getLocalConfigPath(cwd) {
-  return join(cwd || process.cwd(), LOCAL_CONFIG_FILENAME);
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
 }
-function loadConfig() {
-  const configPath = getConfigPath();
-  if (!existsSync(configPath)) {
-    return {
-      apiKey: null,
-      apiUrl: DEFAULT_API_URL,
-      activeWorkspaceId: null,
-      activeProjectId: null,
-      userEmail: null,
-      memoryDir: null
-    };
+async function withRefreshLock(fn) {
+  const path = lockPath();
+  const deadline = Date.now() + LOCK_ACQUIRE_TIMEOUT_MS;
+  let held = false;
+  while (Date.now() < deadline) {
+    try {
+      const fd = openSync(path, "wx");
+      writeSync(fd, String(process.pid));
+      closeSync(fd);
+      held = true;
+      break;
+    } catch (err) {
+      if (err.code !== "EEXIST") {
+        break;
+      }
+      try {
+        const age = Date.now() - statSync(path).mtimeMs;
+        if (age > LOCK_STALE_MS) {
+          const claim = `${path}.stale.${process.pid}`;
+          try {
+            renameSync(path, claim);
+            rmSync(claim, { force: true });
+          } catch {}
+          continue;
+        }
+      } catch {
+        continue;
+      }
+      await sleep(LOCK_RETRY_MS);
+    }
   }
   try {
-    const data = readFileSync(configPath, "utf-8");
-    const config = JSON.parse(data);
-    return {
-      apiKey: config.apiKey || null,
-      apiUrl: config.apiUrl || DEFAULT_API_URL,
-      activeWorkspaceId: config.activeWorkspaceId || null,
-      activeProjectId: config.activeProjectId || null,
-      userEmail: config.userEmail || null,
-      memoryDir: config.memoryDir || null
-    };
-  } catch {
-    return {
-      apiKey: null,
-      apiUrl: DEFAULT_API_URL,
-      activeWorkspaceId: null,
-      activeProjectId: null,
-      userEmail: null,
-      memoryDir: null
-    };
+    return await fn();
+  } finally {
+    if (held) {
+      try {
+        rmSync(path, { force: true });
+      } catch {}
+    }
   }
 }
-function saveConfig(config) {
-  const configDir = getConfigDir();
-  const configPath = getConfigPath();
-  if (!existsSync(configDir)) {
-    mkdirSync(configDir, { recursive: true, mode: 448 });
-  }
-  const existingConfig = loadConfig();
-  const newConfig = { ...existingConfig, ...config };
-  writeFileSync(configPath, JSON.stringify(newConfig, null, 2), {
-    mode: 384
+function refreshOAuthToken() {
+  if (inFlight)
+    return inFlight;
+  inFlight = doRefresh().finally(() => {
+    inFlight = null;
   });
+  return inFlight;
 }
-function loadLocalConfig(cwd) {
-  const localConfigPath = getLocalConfigPath(cwd);
-  if (!existsSync(localConfigPath)) {
-    return null;
-  }
-  try {
-    const data = readFileSync(localConfigPath, "utf-8");
-    const config = JSON.parse(data);
-    return {
-      workspaceId: config.workspaceId || null,
-      projectId: config.projectId || null
-    };
-  } catch {
+async function doRefresh() {
+  const before = loadConfig();
+  if (!before.oauthRefreshToken || !before.oauthClientId)
     return null;
-  }
-}
-function saveLocalConfig(config, cwd) {
-  const localConfigPath = getLocalConfigPath(cwd);
-  const existingConfig = loadLocalConfig(cwd) || {
-    workspaceId: null,
-    projectId: null
-  };
-  const newConfig = { ...existingConfig, ...config };
-  const cleanConfig = {};
-  if (newConfig.workspaceId)
-    cleanConfig.workspaceId = newConfig.workspaceId;
-  if (newConfig.projectId)
-    cleanConfig.projectId = newConfig.projectId;
-  writeFileSync(localConfigPath, JSON.stringify(cleanConfig, null, 2));
-}
-function hasLocalConfig(cwd) {
-  return existsSync(getLocalConfigPath(cwd));
-}
-function getApiKey() {
-  const config = loadConfig();
-  if (!config.apiKey) {
-    throw new Error(`Not configured. Run "npx @gethmy/mcp setup" to set your API key.
-` + "You can generate an API key at https://gethmy.com → Settings → API Keys.");
-  }
-  return config.apiKey;
-}
-function getApiUrl() {
-  const config = loadConfig();
-  return config.apiUrl;
-}
-function getUserEmail() {
-  const config = loadConfig();
-  return config.userEmail;
-}
-function setUserEmail(email) {
-  saveConfig({ userEmail: email });
-}
-function setActiveWorkspace(workspaceId, options) {
-  if (options?.local) {
-    saveLocalConfig({ workspaceId }, options.cwd);
-  } else {
-    saveConfig({ activeWorkspaceId: workspaceId });
-  }
-}
-function setActiveProject(projectId, options) {
-  if (options?.local) {
-    saveLocalConfig({ projectId }, options.cwd);
-  } else {
-    saveConfig({ activeProjectId: projectId });
-  }
-}
-function getActiveWorkspaceId(cwd) {
-  const localConfig = loadLocalConfig(cwd);
-  if (localConfig?.workspaceId) {
-    return localConfig.workspaceId;
-  }
-  return loadConfig().activeWorkspaceId;
-}
-function getActiveProjectId(cwd) {
-  const localConfig = loadLocalConfig(cwd);
-  if (localConfig?.projectId) {
-    return localConfig.projectId;
-  }
-  return loadConfig().activeProjectId;
-}
-function isConfigured() {
-  const config = loadConfig();
-  return !!config.apiKey;
-}
-function areSkillsInstalled(cwd) {
-  const home = homedir();
-  const workingDir = cwd || process.cwd();
-  const foundPaths = [];
-  const globalSkillsDir = join(home, ".agents", "skills");
-  const globalSkillPath = join(globalSkillsDir, "hmy", "SKILL.md");
-  if (existsSync(globalSkillPath)) {
-    foundPaths.push(globalSkillPath);
-    return { installed: true, location: "global", paths: foundPaths };
-  }
-  const claudeGlobalSkill = join(home, ".claude", "skills", "hmy.md");
-  if (existsSync(claudeGlobalSkill)) {
-    foundPaths.push(claudeGlobalSkill);
-    return { installed: true, location: "global", paths: foundPaths };
-  }
-  const claudeGlobalSkillAlt = join(home, ".claude", "skills", "hmy", "SKILL.md");
-  if (existsSync(claudeGlobalSkillAlt)) {
-    foundPaths.push(claudeGlobalSkillAlt);
-    return { installed: true, location: "global", paths: foundPaths };
-  }
-  const localSkillPath = join(workingDir, ".claude", "skills", "hmy.md");
-  if (existsSync(localSkillPath)) {
-    foundPaths.push(localSkillPath);
-    return { installed: true, location: "local", paths: foundPaths };
-  }
-  const localSkillPathAlt = join(workingDir, ".claude", "skills", "hmy", "SKILL.md");
-  if (existsSync(localSkillPathAlt)) {
-    foundPaths.push(localSkillPathAlt);
-    return { installed: true, location: "local", paths: foundPaths };
-  }
-  return { installed: false, location: null, paths: [] };
-}
-function hasProjectContext(cwd) {
-  const localConfig = loadLocalConfig(cwd);
-  return !!(localConfig?.workspaceId || localConfig?.projectId);
-}
-function getMemoryDir() {
-  const config = loadConfig();
-  if (config.memoryDir)
-    return config.memoryDir;
-  return join(homedir(), ".harmony", "memory");
+  return withRefreshLock(async () => {
+    const config = loadConfig();
+    if (config.oauthRefreshToken !== before.oauthRefreshToken && config.oauthAccessToken) {
+      return config.oauthAccessToken;
+    }
+    if (!config.oauthRefreshToken || !config.oauthClientId)
+      return null;
+    const base = oauthBaseFromApiUrl(config.apiUrl);
+    let res;
+    try {
+      res = await fetch(`${base}/token`, {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({
+          grant_type: "refresh_token",
+          refresh_token: config.oauthRefreshToken,
+          client_id: config.oauthClientId
+        }).toString()
+      });
+    } catch {
+      return null;
+    }
+    if (!res.ok) {
+      const errorCode = await res.json().then((b) => b?.error ?? null).catch(() => null);
+      if (errorCode === "invalid_grant") {
+        saveConfig({
+          oauthAccessToken: null,
+          oauthRefreshToken: null,
+          oauthExpiresAt: null,
+          oauthClientId: null
+        });
+      }
+      return null;
+    }
+    const body = await res.json().catch(() => null);
+    if (!body?.access_token || !body.refresh_token)
+      return null;
+    saveConfig({
+      oauthAccessToken: body.access_token,
+      oauthRefreshToken: body.refresh_token,
+      oauthExpiresAt: Date.now() + (body.expires_in ?? 0) * 1000
+    });
+    return body.access_token;
+  });
 }
+var inFlight = null, LOCK_FILENAME = "refresh.lock", LOCK_STALE_MS = 30000, LOCK_ACQUIRE_TIMEOUT_MS = 35000, LOCK_RETRY_MS = 100;
+var init_oauth_refresh = __esm(() => {
+  init_config();
+  init_oauth_login();
+});
 
 // ../harmony-shared/dist/cardLinks.js
 var LINK_TYPE_INVERSES = {
@@ -804,6 +946,7 @@ var TIMINGS = {
   QUERY_GC_TIME: 1000 * 60 * 60 * 24
 };
 // src/api-client.ts
+init_config();
 var RETRY_CONFIG = {
   maxRetries: 3,
   baseDelayMs: 1000,
@@ -823,7 +966,7 @@ function getRetryDelay(attempt) {
   const delay = Math.min(RETRY_CONFIG.baseDelayMs * 2 ** attempt, RETRY_CONFIG.maxDelayMs);
   return Math.round(delay + delay * 0.25 * (Math.random() * 2 - 1));
 }
-var sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
+var sleep2 = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
 
 class Semaphore {
   permits;
@@ -888,10 +1031,12 @@ class HarmonyApiClient {
   apiKey;
   apiUrl;
   onUnauthorized;
+  refreshCredential;
   constructor(options) {
     this.apiKey = options?.apiKey ?? getApiKey();
     this.apiUrl = options?.apiUrl ?? getApiUrl();
     this.onUnauthorized = options?.onUnauthorized;
+    this.refreshCredential = options?.refreshCredential;
   }
   getApiUrl() {
     return this.apiUrl;
@@ -921,6 +1066,7 @@ class HarmonyApiClient {
   async requestWithRetry(method, path, body, options) {
     const url = `${this.apiUrl}/v1${path}`;
     let lastError = null;
+    let refreshed = false;
     const contentType = options?.contentType || "application/json";
     const accept = options?.accept || "application/json";
     for (let attempt = 0;attempt <= RETRY_CONFIG.maxRetries; attempt++) {
@@ -949,6 +1095,15 @@ class HarmonyApiClient {
         if (!response.ok) {
           const errorMsg = data?.error || (looksLikeJson ? null : `API error: ${response.status} (non-JSON response)`) || `API error: ${response.status}`;
           if (response.status === 401) {
+            if (this.refreshCredential && !refreshed) {
+              refreshed = true;
+              const fresh = await this.refreshCredential();
+              if (fresh) {
+                this.apiKey = fresh;
+                attempt--;
+                continue;
+              }
+            }
             this.onUnauthorized?.();
             throw new HarmonyUnauthorizedError(errorMsg);
           }
@@ -957,7 +1112,7 @@ class HarmonyApiClient {
           }
           lastError = new Error(errorMsg);
           if (attempt < RETRY_CONFIG.maxRetries) {
-            await sleep(getRetryDelay(attempt));
+            await sleep2(getRetryDelay(attempt));
             continue;
           }
           throw lastError;
@@ -971,7 +1126,7 @@ class HarmonyApiClient {
         if (!isRetryableError(error))
           throw lastError;
         if (attempt < RETRY_CONFIG.maxRetries) {
-          await sleep(getRetryDelay(attempt));
+          await sleep2(getRetryDelay(attempt));
         }
       }
     }
@@ -980,6 +1135,7 @@ class HarmonyApiClient {
   async requestRawWithRetry(method, path, body, options) {
     const url = `${this.apiUrl}/v1${path}`;
     let lastError = null;
+    let refreshed = false;
     const contentType = options?.contentType || "application/json";
     const accept = options?.accept || "text/markdown";
     for (let attempt = 0;attempt <= RETRY_CONFIG.maxRetries; attempt++) {
@@ -1002,6 +1158,15 @@ class HarmonyApiClient {
             errorMsg = text || `API error: ${response.status}`;
           }
           if (response.status === 401) {
+            if (this.refreshCredential && !refreshed) {
+              refreshed = true;
+              const fresh = await this.refreshCredential();
+              if (fresh) {
+                this.apiKey = fresh;
+                attempt--;
+                continue;
+              }
+            }
             this.onUnauthorized?.();
             throw new HarmonyUnauthorizedError(errorMsg);
           }
@@ -1010,7 +1175,7 @@ class HarmonyApiClient {
           }
           lastError = new Error(errorMsg);
           if (attempt < RETRY_CONFIG.maxRetries) {
-            await sleep(getRetryDelay(attempt));
+            await sleep2(getRetryDelay(attempt));
             continue;
           }
           throw lastError;
@@ -1021,7 +1186,7 @@ class HarmonyApiClient {
         if (!isRetryableError(error))
           throw lastError;
         if (attempt < RETRY_CONFIG.maxRetries) {
-          await sleep(getRetryDelay(attempt));
+          await sleep2(getRetryDelay(attempt));
         }
       }
     }
@@ -1603,7 +1768,12 @@ async function loadPromptModules() {
 var client = null;
 function getClient() {
   if (!client) {
-    client = new HarmonyApiClient;
+    client = new HarmonyApiClient({
+      refreshCredential: async () => {
+        const { refreshOAuthToken: refreshOAuthToken2 } = await Promise.resolve().then(() => (init_oauth_refresh(), exports_oauth_refresh));
+        return refreshOAuthToken2();
+      }
+    });
   }
   return client;
 }