@glasstrace/sdk 1.1.0 → 1.1.2

package/dist/cli/mcp-add.cjs

@@ -30,14 +30,18 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/cli/mcp-add.ts
 var mcp_add_exports = {};
 __export(mcp_add_exports, {
-  mcpAdd: () => mcpAdd
+  mcpAdd: () => mcpAdd,
+  registerViaCli: () => registerViaCli
 });
 module.exports = __toCommonJS(mcp_add_exports);
 var import_node_child_process2 = require("node:child_process");
-var fs2 = __toESM(require("node:fs"), 1);
-var path2 = __toESM(require("node:path"), 1);
+var fs = __toESM(require("node:fs"), 1);
+var path = __toESM(require("node:path"), 1);
 var import_node_util = require("node:util");
 
+// src/mcp-runtime.ts
+var import_node_crypto = require("node:crypto");
+
 // ../../node_modules/zod/v4/classic/external.js
 var external_exports = {};
 __export(external_exports, {
@@ -805,10 +809,10 @@ function mergeDefs(...defs) {
 function cloneDef(schema) {
   return mergeDefs(schema._zod.def);
 }
-function getElementAtPath(obj, path3) {
-  if (!path3)
+function getElementAtPath(obj, path2) {
+  if (!path2)
     return obj;
-  return path3.reduce((acc, key) => acc?.[key], obj);
+  return path2.reduce((acc, key) => acc?.[key], obj);
 }
 function promiseAllObject(promisesObj) {
   const keys = Object.keys(promisesObj);
@@ -1191,11 +1195,11 @@ function aborted(x, startIndex = 0) {
   }
   return false;
 }
-function prefixIssues(path3, issues) {
+function prefixIssues(path2, issues) {
   return issues.map((iss) => {
     var _a2;
     (_a2 = iss).path ?? (_a2.path = []);
-    iss.path.unshift(path3);
+    iss.path.unshift(path2);
     return iss;
   });
 }
@@ -1378,7 +1382,7 @@ function formatError(error48, mapper = (issue2) => issue2.message) {
 }
 function treeifyError(error48, mapper = (issue2) => issue2.message) {
   const result = { errors: [] };
-  const processError = (error49, path3 = []) => {
+  const processError = (error49, path2 = []) => {
     var _a2, _b;
     for (const issue2 of error49.issues) {
       if (issue2.code === "invalid_union" && issue2.errors.length) {
@@ -1388,7 +1392,7 @@ function treeifyError(error48, mapper = (issue2) => issue2.message) {
       } else if (issue2.code === "invalid_element") {
         processError({ issues: issue2.issues }, issue2.path);
       } else {
-        const fullpath = [...path3, ...issue2.path];
+        const fullpath = [...path2, ...issue2.path];
         if (fullpath.length === 0) {
           result.errors.push(mapper(issue2));
           continue;
@@ -1420,8 +1424,8 @@ function treeifyError(error48, mapper = (issue2) => issue2.message) {
 }
 function toDotPath(_path) {
   const segs = [];
-  const path3 = _path.map((seg) => typeof seg === "object" ? seg.key : seg);
-  for (const seg of path3) {
+  const path2 = _path.map((seg) => typeof seg === "object" ? seg.key : seg);
+  for (const seg of path2) {
     if (typeof seg === "number")
       segs.push(`[${seg}]`);
     else if (typeof seg === "symbol")
@@ -13398,13 +13402,13 @@ function resolveRef(ref, ctx) {
   if (!ref.startsWith("#")) {
     throw new Error("External $ref is not supported, only local refs (#/...) are allowed");
   }
-  const path3 = ref.slice(1).split("/").filter(Boolean);
-  if (path3.length === 0) {
+  const path2 = ref.slice(1).split("/").filter(Boolean);
+  if (path2.length === 0) {
     return ctx.rootSchema;
   }
   const defsKey = ctx.version === "draft-2020-12" ? "$defs" : "definitions";
-  if (path3[0] === defsKey) {
-    const key = path3[1];
+  if (path2[0] === defsKey) {
+    const key = path2[1];
     if (!key || !ctx.defs[key]) {
       throw new Error(`Reference not found: ${ref}`);
     }
@@ -14001,15 +14005,16 @@ var K = new Uint32Array([
 // src/anon-key.ts
 var GLASSTRACE_DIR = ".glasstrace";
 var ANON_KEY_FILE = "anon_key";
+var CLAIMED_KEY_FILE = "claimed-key";
 var fsPathCache;
 async function loadFsPath() {
   if (fsPathCache !== void 0) return fsPathCache;
   try {
-    const [fs3, path3] = await Promise.all([
+    const [fs2, path2] = await Promise.all([
       import("node:fs/promises"),
       import("node:path")
     ]);
-    fsPathCache = { fs: fs3, path: path3 };
+    fsPathCache = { fs: fs2, path: path2 };
     return fsPathCache;
   } catch {
     fsPathCache = null;
@@ -14037,6 +14042,172 @@ async function readAnonKey(projectRoot) {
   }
   return null;
 }
+async function readClaimedKey(projectRoot) {
+  const root = projectRoot ?? process.cwd();
+  const modules = await loadFsPath();
+  if (!modules) return null;
+  const keyPath = modules.path.join(root, GLASSTRACE_DIR, CLAIMED_KEY_FILE);
+  try {
+    const content = await modules.fs.readFile(keyPath, "utf-8");
+    const trimmed = content.trim();
+    const parsed = DevApiKeySchema.safeParse(trimmed);
+    if (parsed.success) {
+      return parsed.data;
+    }
+  } catch {
+  }
+  return null;
+}
+
+// src/mcp-runtime.ts
+var MCP_ENDPOINT = "https://api.glasstrace.dev/mcp";
+var fsPathCache2;
+async function loadFsPath2() {
+  if (fsPathCache2 !== void 0) return fsPathCache2;
+  try {
+    const [fs2, path2] = await Promise.all([
+      import("node:fs/promises"),
+      import("node:path")
+    ]);
+    fsPathCache2 = { fs: fs2, path: path2 };
+    return fsPathCache2;
+  } catch {
+    fsPathCache2 = null;
+    return null;
+  }
+}
+function identityFingerprint(token) {
+  return `sha256:${(0, import_node_crypto.createHash)("sha256").update(token).digest("hex")}`;
+}
+function readEnvLocalApiKey(content) {
+  let last = null;
+  const regex = /^\s*GLASSTRACE_API_KEY\s*=\s*(.*)$/gm;
+  let match;
+  while ((match = regex.exec(content)) !== null) {
+    const raw = match[1].trim();
+    if (raw === "") continue;
+    const unquoted = raw.replace(/^(['"])(.*)\1$/, "$2");
+    if (unquoted === "" || unquoted === "your_key_here") continue;
+    last = unquoted;
+  }
+  return last;
+}
+function isAnonApiKey(value) {
+  if (value === null || value === void 0) return false;
+  return AnonApiKeySchema.safeParse(value).success;
+}
+async function resolveEffectiveMcpCredential(projectRoot) {
+  const root = projectRoot ?? process.cwd();
+  const warnings = [];
+  const envLocalKey = await readEnvLocalDevKey(root, warnings);
+  const claimedKey = envLocalKey === null ? await readClaimedKey(root) : null;
+  const anonKey = await readAnonKey(root);
+  let effective = null;
+  if (envLocalKey !== null) {
+    effective = { source: "env-local", key: envLocalKey };
+  } else if (claimedKey !== null) {
+    effective = { source: "claimed-key", key: claimedKey };
+    warnings.push("claimed-key-only");
+  } else if (anonKey !== null) {
+    effective = { source: "anon", key: anonKey };
+  }
+  return { effective, anonKey, warnings };
+}
+async function readEnvLocalDevKey(root, warnings) {
+  const modules = await loadFsPath2();
+  if (!modules) return null;
+  const envPath = modules.path.join(root, ".env.local");
+  let content;
+  try {
+    content = await modules.fs.readFile(envPath, "utf-8");
+  } catch {
+    return null;
+  }
+  const raw = readEnvLocalApiKey(content);
+  if (raw === null) return null;
+  const parsed = DevApiKeySchema.safeParse(raw);
+  if (!parsed.success) {
+    warnings.push("malformed-env-local");
+    return null;
+  }
+  return parsed.data;
+}
+var MCP_MARKER_FILE = "mcp-connected";
+var GLASSTRACE_DIR2 = ".glasstrace";
+async function readMcpMarker(projectRoot) {
+  const root = projectRoot ?? process.cwd();
+  const modules = await loadFsPath2();
+  if (!modules) return { status: "absent" };
+  const markerPath = modules.path.join(root, GLASSTRACE_DIR2, MCP_MARKER_FILE);
+  let content;
+  try {
+    content = await modules.fs.readFile(markerPath, "utf-8");
+  } catch {
+    return { status: "absent" };
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(content);
+  } catch {
+    return { status: "corrupted" };
+  }
+  if (parsed === null || typeof parsed !== "object") {
+    return { status: "corrupted" };
+  }
+  const obj = parsed;
+  const version2 = obj["version"];
+  if (version2 === void 0) {
+    const keyHash = obj["keyHash"];
+    if (typeof keyHash !== "string" || keyHash === "") {
+      return { status: "corrupted" };
+    }
+    return {
+      status: "valid",
+      credentialSource: "anon",
+      credentialHash: keyHash
+    };
+  }
+  if (version2 === 2) {
+    const source = obj["credentialSource"];
+    const hash2 = obj["credentialHash"];
+    if (source !== "env-local" && source !== "claimed-key" && source !== "anon" || typeof hash2 !== "string" || hash2 === "") {
+      return { status: "corrupted" };
+    }
+    return {
+      status: "valid",
+      credentialSource: source,
+      credentialHash: hash2
+    };
+  }
+  if (typeof version2 === "number" && version2 > 2) {
+    return { status: "unknown-version" };
+  }
+  return { status: "corrupted" };
+}
+async function writeMcpMarker(projectRoot, target) {
+  const modules = await loadFsPath2();
+  if (!modules) return false;
+  const dirPath = modules.path.join(projectRoot, GLASSTRACE_DIR2);
+  const markerPath = modules.path.join(dirPath, MCP_MARKER_FILE);
+  const state = await readMcpMarker(projectRoot);
+  if (state.status === "valid" && state.credentialSource === target.credentialSource && state.credentialHash === target.credentialHash) {
+    return false;
+  }
+  await modules.fs.mkdir(dirPath, { recursive: true, mode: 448 });
+  const body = JSON.stringify(
+    {
+      version: 2,
+      credentialSource: target.credentialSource,
+      credentialHash: target.credentialHash,
+      configuredAt: (/* @__PURE__ */ new Date()).toISOString()
+    },
+    null,
+    2
+  );
+  await modules.fs.writeFile(markerPath, body, { mode: 384 });
+  await modules.fs.chmod(markerPath, 384);
+  return true;
+}
 
 // src/agent-detection/detect.ts
 var import_node_child_process = require("node:child_process");
@@ -14086,9 +14257,9 @@ var AGENT_RULES = [
     registrationCommand: "npx glasstrace mcp add --agent windsurf"
   }
 ];
-async function pathExists(path3, mode = import_node_fs.constants.R_OK) {
+async function pathExists(path2, mode = import_node_fs.constants.R_OK) {
   try {
-    await (0, import_promises.access)(path3, mode);
+    await (0, import_promises.access)(path2, mode);
     return true;
   } catch {
     return false;
@@ -14192,12 +14363,12 @@ async function detectAgents(projectRoot) {
 }
 
 // src/agent-detection/configs.ts
-function generateMcpConfig(agent, endpoint, anonKey) {
+function generateMcpConfig(agent, endpoint, bearer) {
   if (!endpoint || endpoint.trim() === "") {
     throw new Error("endpoint must not be empty");
   }
-  if (!anonKey || anonKey.trim() === "") {
-    throw new Error("anonKey must not be empty");
+  if (!bearer || bearer.trim() === "") {
+    throw new Error("bearer must not be empty");
   }
   switch (agent.name) {
     case "claude":
@@ -14208,7 +14379,7 @@ function generateMcpConfig(agent, endpoint, anonKey) {
               type: "http",
               url: endpoint,
               headers: {
-                Authorization: `Bearer ${anonKey}`
+                Authorization: `Bearer ${bearer}`
               }
             }
           }
@@ -14232,7 +14403,7 @@ function generateMcpConfig(agent, endpoint, anonKey) {
             glasstrace: {
               httpUrl: endpoint,
               headers: {
-                Authorization: `Bearer ${anonKey}`
+                Authorization: `Bearer ${bearer}`
               }
             }
           }
@@ -14247,7 +14418,7 @@ function generateMcpConfig(agent, endpoint, anonKey) {
             glasstrace: {
               url: endpoint,
               headers: {
-                Authorization: `Bearer ${anonKey}`
+                Authorization: `Bearer ${bearer}`
               }
             }
           }
@@ -14262,7 +14433,7 @@ function generateMcpConfig(agent, endpoint, anonKey) {
             glasstrace: {
               serverUrl: endpoint,
               headers: {
-                Authorization: `Bearer ${anonKey}`
+                Authorization: `Bearer ${bearer}`
               }
             }
           }
@@ -14277,7 +14448,7 @@ function generateMcpConfig(agent, endpoint, anonKey) {
             glasstrace: {
               url: endpoint,
               headers: {
-                Authorization: `Bearer ${anonKey}`
+                Authorization: `Bearer ${bearer}`
               }
             }
           }
@@ -14531,13 +14702,7 @@ async function updateGitignore(paths, projectRoot) {
   }
 }
 
-// src/cli/scaffolder.ts
-var import_node_crypto = require("node:crypto");
-var fs = __toESM(require("node:fs"), 1);
-var path = __toESM(require("node:path"), 1);
-
 // src/cli/constants.ts
-var MCP_ENDPOINT = "https://api.glasstrace.dev/mcp";
 function formatAgentName(name) {
   const displayNames = {
     claude: "Claude Code",
@@ -14545,52 +14710,27 @@ function formatAgentName(name) {
     gemini: "Gemini",
     cursor: "Cursor",
     windsurf: "Windsurf",
-    generic: "Generic"
+    generic: "Generic helper"
   };
   return displayNames[name];
 }
 
-// src/cli/scaffolder.ts
-function identityFingerprint(token) {
-  return `sha256:${(0, import_node_crypto.createHash)("sha256").update(token).digest("hex")}`;
-}
-async function scaffoldMcpMarker(projectRoot, anonKey) {
-  const dirPath = path.join(projectRoot, ".glasstrace");
-  const markerPath = path.join(dirPath, "mcp-connected");
-  const keyHash = identityFingerprint(anonKey);
-  if (fs.existsSync(markerPath)) {
-    try {
-      const existing = JSON.parse(fs.readFileSync(markerPath, "utf-8"));
-      if (existing.keyHash === keyHash) {
-        return false;
-      }
-    } catch {
-    }
-  }
-  fs.mkdirSync(dirPath, { recursive: true, mode: 448 });
-  const marker = JSON.stringify(
-    { keyHash, configuredAt: (/* @__PURE__ */ new Date()).toISOString() },
-    null,
-    2
-  );
-  fs.writeFileSync(markerPath, marker, { mode: 384 });
-  fs.chmodSync(markerPath, 384);
-  return true;
-}
-
 // src/cli/mcp-add.ts
 var execFileAsync = (0, import_node_util.promisify)(import_node_child_process2.execFile);
-async function registerViaCli(agent, anonKey) {
+async function registerViaCli(agent, bearer) {
   if (!agent.cliAvailable) {
     return false;
   }
+  if (agent.name !== "codex" && !isAnonApiKey(bearer)) {
+    return false;
+  }
   try {
     switch (agent.name) {
       case "claude": {
         const payload = JSON.stringify({
           type: "http",
           url: MCP_ENDPOINT,
-          headers: { Authorization: `Bearer ${anonKey}` }
+          headers: { Authorization: `Bearer ${bearer}` }
         });
         await execFileAsync("claude", [
           "mcp",
@@ -14611,11 +14751,11 @@ async function registerViaCli(agent, anonKey) {
           MCP_ENDPOINT
         ]);
         const configPath = agent.mcpConfigPath;
-        if (configPath !== null && fs2.existsSync(configPath)) {
-          const content = fs2.readFileSync(configPath, "utf-8");
+        if (configPath !== null && fs.existsSync(configPath)) {
+          const content = fs.readFileSync(configPath, "utf-8");
           if (!content.includes("bearer_token_env_var")) {
             const appendContent = content.endsWith("\n") ? "" : "\n";
-            fs2.writeFileSync(
+            fs.writeFileSync(
               configPath,
               content + appendContent + 'bearer_token_env_var = "GLASSTRACE_API_KEY"\n',
               "utf-8"
@@ -14634,7 +14774,7 @@ async function registerViaCli(agent, anonKey) {
           "--transport",
           "http",
           "--header",
-          `Authorization: Bearer ${anonKey}`,
+          `Authorization: Bearer ${bearer}`,
           "glasstrace",
           MCP_ENDPOINT
         ]);
@@ -14647,35 +14787,51 @@ async function registerViaCli(agent, anonKey) {
     return false;
   }
 }
+async function markerMatchesEffective(projectRoot, effective) {
+  const state = await readMcpMarker(projectRoot);
+  if (state.status !== "valid") return false;
+  return state.credentialHash === identityFingerprint(effective.key);
+}
 async function mcpAdd(options) {
   const force = options?.force ?? false;
   const dryRun = options?.dryRun ?? false;
   const projectRoot = process.cwd();
   const messages = [];
-  const anonKey = await readAnonKey(projectRoot);
-  if (anonKey === null) {
+  const resolved = await resolveEffectiveMcpCredential(projectRoot);
+  if (resolved.effective === null) {
     return {
       exitCode: 1,
       results: [],
       messages: ["Error: Run `glasstrace init` first to generate an API key."]
     };
   }
-  const markerPath = path2.join(projectRoot, ".glasstrace", "mcp-connected");
-  if (fs2.existsSync(markerPath) && !force) {
-    return {
-      exitCode: 0,
-      results: [],
-      messages: ["MCP already configured. Use --force to reconfigure."]
-    };
+  if (resolved.warnings.includes("claimed-key-only")) {
+    messages.push(
+      "Note: dev key was loaded from .glasstrace/claimed-key. Copy it into .env.local so your app and Codex pick it up automatically."
+    );
+  }
+  const markerPath = path.join(projectRoot, ".glasstrace", "mcp-connected");
+  if (fs.existsSync(markerPath) && !force) {
+    if (await markerMatchesEffective(projectRoot, resolved.effective)) {
+      return {
+        exitCode: 0,
+        results: [],
+        messages: ["MCP already configured. Use --force to reconfigure."]
+      };
+    }
+    messages.push(
+      "Detected a credential change since MCP was last configured. Refreshing MCP config so queries use the current account credential."
+    );
   }
   const agents = await detectAgents(projectRoot);
   const detectedNonGeneric = agents.filter((a) => a.name !== "generic");
-  const targetAgents = detectedNonGeneric.length > 0 ? detectedNonGeneric : agents.filter((a) => a.name === "generic");
+  const genericAgent = agents.find((a) => a.name === "generic");
+  const targetAgents = genericAgent ? [...detectedNonGeneric, genericAgent] : detectedNonGeneric;
   if (dryRun) {
     messages.push("Dry run: would perform the following actions:", "");
     for (const agent of targetAgents) {
       const name = formatAgentName(agent.name);
-      if (agent.cliAvailable) {
+      if (agent.cliAvailable && resolved.effective.source === "anon") {
         messages.push(
           `  ${name}: Register via CLI (${agent.name} mcp add)`
         );
@@ -14698,10 +14854,11 @@ async function mcpAdd(options) {
     return { exitCode: 0, results: [], messages };
   }
   const results = [];
+  const bearer = resolved.effective.key;
   for (const agent of targetAgents) {
     const name = formatAgentName(agent.name);
     if (agent.name !== "generic") {
-      const cliSuccess = await registerViaCli(agent, anonKey);
+      const cliSuccess = await registerViaCli(agent, bearer);
       if (cliSuccess) {
         const infoContent = generateInfoSection(agent, MCP_ENDPOINT);
         if (infoContent !== "") {
@@ -14718,9 +14875,9 @@ async function mcpAdd(options) {
     }
     if (agent.mcpConfigPath !== null) {
       try {
-        const configContent = generateMcpConfig(agent, MCP_ENDPOINT, anonKey);
+        const configContent = generateMcpConfig(agent, MCP_ENDPOINT, bearer);
         await writeMcpConfig(agent, configContent, projectRoot);
-        if (fs2.existsSync(agent.mcpConfigPath)) {
+        if (fs.existsSync(agent.mcpConfigPath)) {
           const infoContent = generateInfoSection(agent, MCP_ENDPOINT);
           if (infoContent !== "") {
             await injectInfoSection(agent, infoContent, projectRoot);
@@ -14763,7 +14920,10 @@ async function mcpAdd(options) {
   );
   const anySuccess = results.some((r) => r.success);
   if (anySuccess) {
-    await scaffoldMcpMarker(projectRoot, anonKey);
+    await writeMcpMarker(projectRoot, {
+      credentialSource: resolved.effective.source,
+      credentialHash: identityFingerprint(resolved.effective.key)
+    });
   }
   messages.push("", "MCP registration summary:");
   for (const result of results) {
@@ -14775,6 +14935,17 @@ async function mcpAdd(options) {
       "  No agents detected. Place agent marker files (e.g., CLAUDE.md, .cursor/) in your project."
     );
   }
+  const detectedNonGenericResults = results.filter(
+    (r) => detectedNonGeneric.some((a) => a.name === r.agent)
+  );
+  const allDetectedNonGenericFailed = detectedNonGeneric.length > 0 && !detectedNonGenericResults.some((r) => r.success);
+  if (allDetectedNonGenericFailed) {
+    messages.push(
+      "",
+      "All detected agent registrations failed. Check errors above."
+    );
+    return { exitCode: 1, results, messages };
+  }
   if (!anySuccess && results.length > 0) {
     messages.push(
       "",
@@ -14789,6 +14960,7 @@ async function mcpAdd(options) {
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  mcpAdd
+  mcpAdd,
+  registerViaCli
 });
 //# sourceMappingURL=mcp-add.cjs.map