npm - @hailer/mcp - Versions diffs - 1.1.11 → 1.1.13 - Mend

@hailer/mcp 1.1.11 → 1.1.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (252) hide show

package/dist/app.js +18 -5
package/dist/bot/bot-config.d.ts +12 -1
package/dist/bot/bot-config.js +98 -14
package/dist/bot/bot-manager.d.ts +13 -3
package/dist/bot/bot-manager.js +80 -25
package/dist/bot/bot.d.ts +46 -0
package/dist/bot/bot.js +542 -166
package/dist/bot/services/message-classifier.js +17 -0
package/dist/bot/services/permission-guard.d.ts +52 -0
package/dist/bot/services/permission-guard.js +149 -0
package/dist/bot/services/types.d.ts +5 -0
package/dist/bot/services/typing-indicator.d.ts +6 -1
package/dist/bot/services/typing-indicator.js +19 -3
package/dist/config.d.ts +6 -1
package/dist/config.js +43 -0
package/dist/core.js +3 -6
package/dist/mcp/UserContextCache.d.ts +5 -0
package/dist/mcp/UserContextCache.js +51 -19
package/dist/mcp/hailer-clients.d.ts +19 -1
package/dist/mcp/hailer-clients.js +157 -20
package/dist/mcp/session-store.d.ts +68 -0
package/dist/mcp/session-store.js +169 -0
package/dist/mcp/signal-handler.js +12 -12
package/dist/mcp/tool-registry.d.ts +17 -4
package/dist/mcp/tool-registry.js +37 -7
package/dist/mcp/tools/activity.js +99 -7
package/dist/mcp/tools/app-scaffold.js +304 -336
package/dist/mcp/tools/company.d.ts +9 -0
package/dist/mcp/tools/company.js +88 -0
package/dist/mcp/tools/discussion.js +68 -0
package/dist/mcp/tools/workflow-permissions.d.ts +15 -0
package/dist/mcp/tools/workflow-permissions.js +204 -0
package/dist/mcp/tools/workflow.js +57 -18
package/dist/mcp/utils/index.d.ts +2 -0
package/dist/mcp/utils/index.js +12 -1
package/dist/mcp/utils/role-utils.d.ts +74 -0
package/dist/mcp/utils/role-utils.js +151 -0
package/dist/mcp/utils/types.d.ts +43 -1
package/dist/mcp/utils/types.js +14 -0
package/dist/mcp/webhook-handler.d.ts +6 -0
package/dist/mcp/webhook-handler.js +11 -0
package/dist/mcp-server.d.ts +23 -2
package/dist/mcp-server.js +639 -111
package/dist/plugins/vipunen/client.d.ts +150 -0
package/dist/plugins/vipunen/client.js +535 -0
package/dist/plugins/vipunen/config/schema-config.json +19 -0
package/dist/plugins/vipunen/config/schema-doc.json +22 -0
package/dist/plugins/vipunen/index.d.ts +41 -0
package/dist/plugins/vipunen/index.js +88 -0
package/dist/plugins/vipunen/tools.d.ts +26 -0
package/dist/plugins/vipunen/tools.js +501 -0
package/package.json +2 -1
package/.claude/.context-watchdog.json +0 -1
package/.claude/.session-checked +0 -1
package/.claude/CLAUDE.md +0 -370
package/.claude/agents/agent-ada-skill-builder.md +0 -94
package/.claude/agents/agent-alejandro-function-fields.md +0 -342
package/.claude/agents/agent-bjorn-config-audit.md +0 -103
package/.claude/agents/agent-builder-agent-creator.md +0 -130
package/.claude/agents/agent-code-simplifier.md +0 -53
package/.claude/agents/agent-dmitri-activity-crud.md +0 -159
package/.claude/agents/agent-giuseppe-app-builder.md +0 -247
package/.claude/agents/agent-gunther-mcp-tools.md +0 -39
package/.claude/agents/agent-helga-workflow-config.md +0 -204
package/.claude/agents/agent-igor-activity-mover-automation.md +0 -125
package/.claude/agents/agent-ingrid-doc-templates.md +0 -261
package/.claude/agents/agent-ivan-monolith.md +0 -154
package/.claude/agents/agent-kenji-data-reader.md +0 -86
package/.claude/agents/agent-lars-code-inspector.md +0 -102
package/.claude/agents/agent-marco-mockup-builder.md +0 -110
package/.claude/agents/agent-marcus-api-documenter.md +0 -323
package/.claude/agents/agent-marketplace-publisher.md +0 -280
package/.claude/agents/agent-marketplace-reviewer.md +0 -309
package/.claude/agents/agent-permissions-handler.md +0 -208
package/.claude/agents/agent-simple-writer.md +0 -48
package/.claude/agents/agent-svetlana-code-review.md +0 -171
package/.claude/agents/agent-tanya-test-runner.md +0 -333
package/.claude/agents/agent-ui-designer.md +0 -100
package/.claude/agents/agent-viktor-sql-insights.md +0 -212
package/.claude/agents/agent-web-search.md +0 -55
package/.claude/agents/agent-yevgeni-discussions.md +0 -45
package/.claude/agents/agent-zara-zapier.md +0 -159
package/.claude/commands/app-squad.md +0 -135
package/.claude/commands/audit-squad.md +0 -158
package/.claude/commands/autoplan.md +0 -563
package/.claude/commands/cleanup-squad.md +0 -98
package/.claude/commands/config-squad.md +0 -106
package/.claude/commands/crud-squad.md +0 -87
package/.claude/commands/data-squad.md +0 -97
package/.claude/commands/debug-squad.md +0 -303
package/.claude/commands/doc-squad.md +0 -65
package/.claude/commands/handoff.md +0 -137
package/.claude/commands/health.md +0 -49
package/.claude/commands/help.md +0 -29
package/.claude/commands/help:agents.md +0 -151
package/.claude/commands/help:commands.md +0 -78
package/.claude/commands/help:faq.md +0 -79
package/.claude/commands/help:plugins.md +0 -50
package/.claude/commands/help:skills.md +0 -93
package/.claude/commands/help:tools.md +0 -75
package/.claude/commands/hotfix-squad.md +0 -112
package/.claude/commands/integration-squad.md +0 -82
package/.claude/commands/janitor-squad.md +0 -167
package/.claude/commands/learn-auto.md +0 -120
package/.claude/commands/learn.md +0 -120
package/.claude/commands/mcp-list.md +0 -27
package/.claude/commands/onboard-squad.md +0 -140
package/.claude/commands/plan-workspace.md +0 -732
package/.claude/commands/prd.md +0 -130
package/.claude/commands/project-status.md +0 -82
package/.claude/commands/publish.md +0 -138
package/.claude/commands/recap.md +0 -69
package/.claude/commands/restore.md +0 -64
package/.claude/commands/review-squad.md +0 -152
package/.claude/commands/save.md +0 -24
package/.claude/commands/stats.md +0 -19
package/.claude/commands/swarm.md +0 -210
package/.claude/commands/tool-builder.md +0 -39
package/.claude/commands/ws-pull.md +0 -44
package/.claude/hooks/_shared-memory.cjs +0 -305
package/.claude/hooks/_utils.cjs +0 -108
package/.claude/hooks/agent-failure-detector.cjs +0 -383
package/.claude/hooks/agent-usage-logger.cjs +0 -204
package/.claude/hooks/app-edit-guard.cjs +0 -494
package/.claude/hooks/auto-learn.cjs +0 -304
package/.claude/hooks/bash-guard.cjs +0 -272
package/.claude/hooks/builder-mode-manager.cjs +0 -354
package/.claude/hooks/bulk-activity-guard.cjs +0 -271
package/.claude/hooks/context-watchdog.cjs +0 -230
package/.claude/hooks/delegation-reminder.cjs +0 -465
package/.claude/hooks/design-system-lint.cjs +0 -271
package/.claude/hooks/post-scaffold-hook.cjs +0 -181
package/.claude/hooks/prompt-guard.cjs +0 -354
package/.claude/hooks/publish-template-guard.cjs +0 -147
package/.claude/hooks/session-start.cjs +0 -35
package/.claude/hooks/shared-memory-writer.cjs +0 -147
package/.claude/hooks/skill-injector.cjs +0 -140
package/.claude/hooks/skill-usage-logger.cjs +0 -258
package/.claude/hooks/src-edit-guard.cjs +0 -240
package/.claude/hooks/sync-marketplace-agents.cjs +0 -346
package/.claude/settings.json +0 -257
package/.claude/skills/SDK-activity-patterns/SKILL.md +0 -428
package/.claude/skills/SDK-document-templates/SKILL.md +0 -1033
package/.claude/skills/SDK-function-fields/SKILL.md +0 -542
package/.claude/skills/SDK-generate-skill/SKILL.md +0 -92
package/.claude/skills/SDK-init-skill/SKILL.md +0 -127
package/.claude/skills/SDK-insight-queries/SKILL.md +0 -787
package/.claude/skills/SDK-ws-config-skill/SKILL.md +0 -1139
package/.claude/skills/agent-structure/SKILL.md +0 -98
package/.claude/skills/api-documentation-patterns/SKILL.md +0 -474
package/.claude/skills/chrome-mcp-reference/SKILL.md +0 -370
package/.claude/skills/delegation-routing/SKILL.md +0 -202
package/.claude/skills/frontend-design/SKILL.md +0 -254
package/.claude/skills/hailer-activity-mover/SKILL.md +0 -213
package/.claude/skills/hailer-api-client/SKILL.md +0 -518
package/.claude/skills/hailer-app-builder/SKILL.md +0 -1434
package/.claude/skills/hailer-apps-pictures/SKILL.md +0 -269
package/.claude/skills/hailer-design-system/SKILL.md +0 -235
package/.claude/skills/hailer-monolith-automations/SKILL.md +0 -686
package/.claude/skills/hailer-permissions-system/SKILL.md +0 -121
package/.claude/skills/hailer-project-protocol/SKILL.md +0 -488
package/.claude/skills/hailer-rest-api/SKILL.md +0 -61
package/.claude/skills/hailer-rest-api/hailer-activities.md +0 -184
package/.claude/skills/hailer-rest-api/hailer-admin.md +0 -473
package/.claude/skills/hailer-rest-api/hailer-calendar.md +0 -256
package/.claude/skills/hailer-rest-api/hailer-feed.md +0 -249
package/.claude/skills/hailer-rest-api/hailer-insights.md +0 -195
package/.claude/skills/hailer-rest-api/hailer-messaging.md +0 -276
package/.claude/skills/hailer-rest-api/hailer-workflows.md +0 -283
package/.claude/skills/insight-join-patterns/SKILL.md +0 -174
package/.claude/skills/integration-patterns/SKILL.md +0 -421
package/.claude/skills/json-only-output/SKILL.md +0 -72
package/.claude/skills/lsp-setup/SKILL.md +0 -160
package/.claude/skills/mcp-direct-tools/SKILL.md +0 -153
package/.claude/skills/optional-parameters/SKILL.md +0 -72
package/.claude/skills/publish-hailer-app/SKILL.md +0 -244
package/.claude/skills/testing-patterns/SKILL.md +0 -630
package/.claude/skills/tool-builder/SKILL.md +0 -250
package/.claude/skills/tool-parameter-usage/SKILL.md +0 -126
package/.claude/skills/tool-response-verification/SKILL.md +0 -92
package/.claude/skills/zapier-hailer-patterns/SKILL.md +0 -581
package/.hailer-mcp-port +0 -1
package/.mcp.json +0 -13
package/.opencode/agent/agent-ada-skill-builder.md +0 -35
package/.opencode/agent/agent-alejandro-function-fields.md +0 -39
package/.opencode/agent/agent-bjorn-config-audit.md +0 -36
package/.opencode/agent/agent-builder-agent-creator.md +0 -39
package/.opencode/agent/agent-code-simplifier.md +0 -31
package/.opencode/agent/agent-dmitri-activity-crud.md +0 -40
package/.opencode/agent/agent-giuseppe-app-builder.md +0 -37
package/.opencode/agent/agent-gunther-mcp-tools.md +0 -39
package/.opencode/agent/agent-helga-workflow-config.md +0 -204
package/.opencode/agent/agent-igor-activity-mover-automation.md +0 -46
package/.opencode/agent/agent-ingrid-doc-templates.md +0 -39
package/.opencode/agent/agent-ivan-monolith.md +0 -46
package/.opencode/agent/agent-kenji-data-reader.md +0 -53
package/.opencode/agent/agent-lars-code-inspector.md +0 -28
package/.opencode/agent/agent-marco-mockup-builder.md +0 -42
package/.opencode/agent/agent-marcus-api-documenter.md +0 -53
package/.opencode/agent/agent-marketplace-publisher.md +0 -44
package/.opencode/agent/agent-marketplace-reviewer.md +0 -42
package/.opencode/agent/agent-permissions-handler.md +0 -50
package/.opencode/agent/agent-simple-writer.md +0 -45
package/.opencode/agent/agent-svetlana-code-review.md +0 -39
package/.opencode/agent/agent-tanya-test-runner.md +0 -57
package/.opencode/agent/agent-ui-designer.md +0 -56
package/.opencode/agent/agent-viktor-sql-insights.md +0 -34
package/.opencode/agent/agent-web-search.md +0 -42
package/.opencode/agent/agent-yevgeni-discussions.md +0 -37
package/.opencode/agent/agent-zara-zapier.md +0 -53
package/.opencode/commands/app-squad.md +0 -135
package/.opencode/commands/audit-squad.md +0 -158
package/.opencode/commands/autoplan.md +0 -563
package/.opencode/commands/cleanup-squad.md +0 -98
package/.opencode/commands/config-squad.md +0 -106
package/.opencode/commands/crud-squad.md +0 -87
package/.opencode/commands/data-squad.md +0 -97
package/.opencode/commands/debug-squad.md +0 -303
package/.opencode/commands/doc-squad.md +0 -65
package/.opencode/commands/handoff.md +0 -137
package/.opencode/commands/health.md +0 -49
package/.opencode/commands/help-agents.md +0 -151
package/.opencode/commands/help-commands.md +0 -32
package/.opencode/commands/help-faq.md +0 -29
package/.opencode/commands/help-plugins.md +0 -28
package/.opencode/commands/help-skills.md +0 -7
package/.opencode/commands/help-tools.md +0 -40
package/.opencode/commands/help.md +0 -28
package/.opencode/commands/hotfix-squad.md +0 -112
package/.opencode/commands/integration-squad.md +0 -82
package/.opencode/commands/janitor-squad.md +0 -167
package/.opencode/commands/learn-auto.md +0 -120
package/.opencode/commands/learn.md +0 -120
package/.opencode/commands/mcp-list.md +0 -27
package/.opencode/commands/onboard-squad.md +0 -140
package/.opencode/commands/plan-workspace.md +0 -732
package/.opencode/commands/prd.md +0 -131
package/.opencode/commands/project-status.md +0 -82
package/.opencode/commands/publish.md +0 -138
package/.opencode/commands/recap.md +0 -69
package/.opencode/commands/restore.md +0 -64
package/.opencode/commands/review-squad.md +0 -152
package/.opencode/commands/save.md +0 -24
package/.opencode/commands/stats.md +0 -19
package/.opencode/commands/swarm.md +0 -210
package/.opencode/commands/tool-builder.md +0 -39
package/.opencode/commands/ws-pull.md +0 -44
package/.opencode/opencode.json +0 -21
package/inbox/failures.log +0 -1
package/inbox/usage.jsonl +0 -4
package/scripts/postinstall.cjs +0 -64
package/scripts/test-hal-tools.ts +0 -154

package/dist/bot/services/message-classifier.js CHANGED Viewed

@@ -59,6 +59,22 @@ class MessageClassifier {
                 messages = retryMessages;
             }
             messageContent = targetMessage.msg || targetMessage.content || "";
+            // Extract forwarded message content — forwarded messages have empty msg
+            if (!messageContent && targetMessage.forwardMessage) {
+                let fwd = targetMessage.forwardMessage;
+                const fwdParts = [];
+                let depth = 0;
+                while (fwd && depth < 10) {
+                    const fwdText = fwd.msg || fwd.content || '';
+                    if (fwdText)
+                        fwdParts.push(fwdText);
+                    fwd = fwd.forwardMessage;
+                    depth++;
+                }
+                if (fwdParts.length > 0) {
+                    messageContent = `[Forwarded message] ${fwdParts.join(' → ')}`;
+                }
+            }
             // Extract file attachments if present
             if (targetMessage.files && Array.isArray(targetMessage.files) && targetMessage.files.length > 0) {
                 fileAttachments = targetMessage.files.map((file) => ({
@@ -169,6 +185,7 @@ class MessageClassifier {
             isReplyToBot,
             isMention,
             isDirectMessage,
+            isPrivateDiscussion: !!(discData?.private),
             fileAttachments: fileAttachments.length > 0 ? fileAttachments : undefined,
         };
     }

package/dist/bot/services/permission-guard.d.ts ADDED Viewed

@@ -0,0 +1,52 @@
+/**
+ * Unified permission guard for bot tool execution.
+ *
+ * Enforces the workspace permission system: bot scope ceiling + per-user
+ * workflow access from the permission index built from core.init.
+ *
+ * Three levels of checking:
+ * 1. Pre-execution: extract workflow IDs from tool args, deny if user lacks access
+ * 2. Post-execution: extract workflow IDs from tool results (when not in args)
+ * 3. Post-filter: strip items from list results that the user can't see
+ */
+export interface PermissionDenied {
+    workflowId: string;
+    reason: 'bot-scope' | string;
+}
+export interface PermissionContext {
+    /** Bot's allowed workflows (empty = all) */
+    allowedWorkflows: string[];
+    /** Workflow ID → Set of user IDs who can access it. Missing = open to all. */
+    permissionIndex: Map<string, Set<string>>;
+    /** Workspace admin user IDs */
+    adminUserIds: Set<string>;
+    /** Workspace owner user IDs */
+    ownerUserIds: Set<string>;
+    /** Insight ID → Set of source workflow IDs */
+    insightWorkflowCache: Map<string, Set<string>>;
+}
+/**
+ * Build the permission index from core.init data.
+ *
+ * Returns: { permissionIndex, adminUserIds, ownerUserIds, workspaceMemberIds }
+ *
+ * permissionIndex only contains RESTRICTED workflows (those with explicit member lists).
+ * If a workflow is not in the index, it's open to all workspace members.
+ */
+export declare function buildPermissionIndex(init: any, workspaceId: string): {
+    permissionIndex: Map<string, Set<string>>;
+    adminUserIds: Set<string>;
+    ownerUserIds: Set<string>;
+    workspaceMemberIds: Set<string>;
+};
+/**
+ * Extract all workflow IDs from tool args, regardless of shape.
+ * Handles: top-level workflowId, sources[].workflowId, insightId → cached workflows.
+ */
+export declare function extractWorkflowIdsFromArgs(args: Record<string, unknown>, insightWorkflowCache: Map<string, Set<string>>): string[];
+/**
+ * Check if a user can access the given workflow IDs.
+ * Returns null if allowed, or { workflowId, reason } if denied.
+ */
+export declare function checkWorkflowAccess(workflowIds: string[], senderId: string, ctx: PermissionContext): PermissionDenied | null;
+//# sourceMappingURL=permission-guard.d.ts.map

package/dist/bot/services/permission-guard.js ADDED Viewed

@@ -0,0 +1,149 @@
+"use strict";
+/**
+ * Unified permission guard for bot tool execution.
+ *
+ * Enforces the workspace permission system: bot scope ceiling + per-user
+ * workflow access from the permission index built from core.init.
+ *
+ * Three levels of checking:
+ * 1. Pre-execution: extract workflow IDs from tool args, deny if user lacks access
+ * 2. Post-execution: extract workflow IDs from tool results (when not in args)
+ * 3. Post-filter: strip items from list results that the user can't see
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildPermissionIndex = buildPermissionIndex;
+exports.extractWorkflowIdsFromArgs = extractWorkflowIdsFromArgs;
+exports.checkWorkflowAccess = checkWorkflowAccess;
+/**
+ * Build the permission index from core.init data.
+ *
+ * Returns: { permissionIndex, adminUserIds, ownerUserIds, workspaceMemberIds }
+ *
+ * permissionIndex only contains RESTRICTED workflows (those with explicit member lists).
+ * If a workflow is not in the index, it's open to all workspace members.
+ */
+function buildPermissionIndex(init, workspaceId) {
+    const permissionIndex = new Map();
+    const adminUserIds = new Set();
+    const ownerUserIds = new Set();
+    const workspaceMemberIds = new Set();
+    if (!init?.processes || !workspaceId) {
+        return { permissionIndex, adminUserIds, ownerUserIds, workspaceMemberIds };
+    }
+    // Extract workspace members, admins, owners from network.members
+    const network = init.network;
+    if (network?.members) {
+        const members = Array.isArray(network.members) ? network.members : Object.values(network.members);
+        for (const member of members) {
+            if (member.uid)
+                workspaceMemberIds.add(member.uid);
+            if (member.admin === true)
+                adminUserIds.add(member.uid);
+            if (member.owner === true)
+                ownerUserIds.add(member.uid);
+        }
+    }
+    const teams = init.teams?.[workspaceId] || {};
+    const groups = init.groups?.[workspaceId] || {};
+    for (const proc of init.processes) {
+        const members = proc.members || [];
+        // network_ member = all workspace members have access → skip (open)
+        if (members.some((m) => m.id?.startsWith('network_')))
+            continue;
+        // Public team = all workspace members have access → skip (open)
+        let hasPublicTeam = false;
+        for (const m of members) {
+            if (!m.id?.startsWith('team_'))
+                continue;
+            const team = teams[m.id.slice(5)];
+            if (team?.public) {
+                hasPublicTeam = true;
+                break;
+            }
+        }
+        if (hasPublicTeam)
+            continue;
+        // Restricted workflow — build explicit user set
+        const userIds = new Set();
+        for (const member of members) {
+            const id = member.id;
+            if (!id)
+                continue;
+            if (id.startsWith('user_')) {
+                userIds.add(id.slice(5));
+            }
+            else if (id.startsWith('team_')) {
+                const team = teams[id.slice(5)];
+                if (team?.members) {
+                    for (const uid of team.members) {
+                        userIds.add(typeof uid === 'string' ? uid : uid._id || uid.id || uid.uid);
+                    }
+                }
+            }
+            else if (id.startsWith('group_')) {
+                const group = groups[id.slice(6)];
+                if (group?.members) {
+                    for (const uid of group.members) {
+                        userIds.add(typeof uid === 'string' ? uid : uid._id || uid.id || uid.uid);
+                    }
+                }
+            }
+        }
+        // Workflow creator always has access
+        if (proc.uid)
+            userIds.add(proc.uid);
+        permissionIndex.set(proc._id, userIds);
+    }
+    return { permissionIndex, adminUserIds, ownerUserIds, workspaceMemberIds };
+}
+/**
+ * Extract all workflow IDs from tool args, regardless of shape.
+ * Handles: top-level workflowId, sources[].workflowId, insightId → cached workflows.
+ */
+function extractWorkflowIdsFromArgs(args, insightWorkflowCache) {
+    const ids = [];
+    // Direct workflowId arg
+    if (typeof args.workflowId === 'string') {
+        ids.push(args.workflowId);
+    }
+    // sources[].workflowId (insight tools)
+    if (Array.isArray(args.sources)) {
+        for (const src of args.sources) {
+            if (src && typeof src === 'object' && typeof src.workflowId === 'string') {
+                ids.push(src.workflowId);
+            }
+        }
+    }
+    // insightId → cached workflow mapping
+    if (typeof args.insightId === 'string') {
+        const cached = insightWorkflowCache.get(args.insightId);
+        if (cached)
+            ids.push(...cached);
+    }
+    return ids;
+}
+/**
+ * Check if a user can access the given workflow IDs.
+ * Returns null if allowed, or { workflowId, reason } if denied.
+ */
+function checkWorkflowAccess(workflowIds, senderId, ctx) {
+    if (workflowIds.length === 0)
+        return null;
+    for (const wfId of workflowIds) {
+        // Bot scope ceiling
+        if (ctx.allowedWorkflows.length > 0 && !ctx.allowedWorkflows.includes(wfId)) {
+            return { workflowId: wfId, reason: 'bot-scope' };
+        }
+        // Admins and owners bypass user-level checks
+        if (ctx.adminUserIds.has(senderId) || ctx.ownerUserIds.has(senderId)) {
+            continue;
+        }
+        // User permission — restricted workflow, user not in member list
+        const allowed = ctx.permissionIndex.get(wfId);
+        if (allowed && !allowed.has(senderId)) {
+            return { workflowId: wfId, reason: senderId };
+        }
+    }
+    return null;
+}
+//# sourceMappingURL=permission-guard.js.map

package/dist/bot/services/types.d.ts CHANGED Viewed

@@ -62,6 +62,8 @@ export interface BotConnection {
     };
 }
 export type MessagePriority = "high" | "normal" | "low";
+/** Controls when the bot processes a message */
+export type ResponseMode = 'always' | 'mention_only' | 'reply_only' | 'mention_or_reply';
 /** File attachment in a Hailer message */
 export interface HailerFileAttachment {
     _id: string;
@@ -82,6 +84,8 @@ export interface HailerMessage {
     replyTo?: string;
     created?: number;
     files?: HailerFileAttachment[];
+    forwardMessageId?: string;
+    forwardMessage?: HailerMessage;
 }
 /** Hailer user from search/workspace cache */
 export interface HailerUser {
@@ -114,6 +118,7 @@ export interface IncomingMessage {
     isReplyToBot: boolean;
     isMention: boolean;
     isDirectMessage: boolean;
+    isPrivateDiscussion: boolean;
     fileAttachments?: IncomingFileAttachment[];
 }
 export interface DiscussionState {

package/dist/bot/services/typing-indicator.d.ts CHANGED Viewed

@@ -9,11 +9,16 @@ export declare class TypingIndicatorService {
     private logger;
     private static TYPING_REFRESH_MS;
     private typingIntervals;
+    private currentStatus;
     constructor(botConnection: BotConnection, logger: Logger);
     /**
      * Start typing indicator with auto-refresh interval for a discussion
      */
-    start(discussionId: string): void;
+    start(discussionId: string, statusText?: string): void;
+    /**
+     * Update the status text for an active typing indicator
+     */
+    updateStatus(discussionId: string, statusText: string): void;
     /**
      * Stop typing indicator for a specific discussion, or all discussions (shutdown)
      */

package/dist/bot/services/typing-indicator.js CHANGED Viewed

@@ -10,6 +10,7 @@ class TypingIndicatorService {
     logger;
     static TYPING_REFRESH_MS = 3000;
     typingIntervals = new Map();
+    currentStatus = new Map();
     constructor(botConnection, logger) {
         this.botConnection = botConnection;
         this.logger = logger;
@@ -17,7 +18,9 @@ class TypingIndicatorService {
     /**
      * Start typing indicator with auto-refresh interval for a discussion
      */
-    start(discussionId) {
+    start(discussionId, statusText) {
+        if (statusText)
+            this.currentStatus.set(discussionId, statusText);
         if (this.typingIntervals.has(discussionId))
             return;
         this.sendSignal(discussionId, true);
@@ -26,6 +29,15 @@ class TypingIndicatorService {
         }, TypingIndicatorService.TYPING_REFRESH_MS);
         this.typingIntervals.set(discussionId, interval);
     }
+    /**
+     * Update the status text for an active typing indicator
+     */
+    updateStatus(discussionId, statusText) {
+        this.currentStatus.set(discussionId, statusText);
+        if (this.typingIntervals.has(discussionId)) {
+            this.sendSignal(discussionId, true);
+        }
+    }
     /**
      * Stop typing indicator for a specific discussion, or all discussions (shutdown)
      */
@@ -35,6 +47,7 @@ class TypingIndicatorService {
             if (interval) {
                 clearInterval(interval);
                 this.typingIntervals.delete(discussionId);
+                this.currentStatus.delete(discussionId);
                 this.sendSignal(discussionId, false);
             }
         }
@@ -45,14 +58,17 @@ class TypingIndicatorService {
                 this.sendSignal(discId, false);
             }
             this.typingIntervals.clear();
+            this.currentStatus.clear();
         }
     }
     sendSignal(discussionId, isTyping) {
+        const statusText = isTyping ? this.currentStatus.get(discussionId) : undefined;
         this.botConnection.client.socket.request("messenger.set_discussion_typing_state", [
             discussionId,
-            isTyping
+            isTyping,
+            ...(statusText ? [statusText] : []),
         ]).catch((error) => {
-            this.logger.debug("Typing indicator failed", { discussionId, isTyping, error: error?.message });
+            this.logger.debug("Typing indicator failed", { discussionId, isTyping, statusText, error: error?.message });
         });
     }
 }

package/dist/config.d.ts CHANGED Viewed

@@ -20,12 +20,13 @@ export declare const APP_VERSION: string;
  */
 export declare const environment: {
     NODE_ENV: "development" | "production" | "test";
-    LOG_LEVEL: "debug" | "info" | "warn" | "error";
+    LOG_LEVEL: "error" | "debug" | "info" | "warn";
     DISABLE_MCP_SERVER: boolean;
     MCP_CLIENT_ENABLED: boolean;
     ENABLE_NUCLEAR_TOOLS: boolean;
     PORT: number;
     CORS_ORIGINS: string[];
+    HAILER_APP_URL: string;
     CLIENT_CONFIGS: Record<string, {
         email: string;
         password: string;
@@ -50,6 +51,8 @@ export declare const environment: {
     CONTEXT_ENABLE_AUTO_SUMMARIZATION: boolean;
     CONTEXT_MAX_SUMMARIZATION_CHUNKS: number;
     TOKEN_BILLING_ENABLED: boolean;
+    VIPUNEN_API_KEYS: Record<string, "admin" | "dev" | "readonly">;
+    MCP_PUBLIC_URL?: string | undefined;
     WORKSPACE_CONFIG_PATH?: string | undefined;
     DEV_APPS_PATH?: string | undefined;
     DEV_APPS_PATHS?: string | undefined;
@@ -57,6 +60,8 @@ export declare const environment: {
     OPENAI_API_BASE?: string | undefined;
     OPENAI_MODEL?: string | undefined;
     ANTHROPIC_API_KEY?: string | undefined;
+    WEAVIATE_HOST?: string | undefined;
+    WEAVIATE_API_KEY?: string | undefined;
 };
 /**
  * Mask sensitive data for safe logging

package/dist/config.js CHANGED Viewed

@@ -102,6 +102,10 @@ const environmentSchema = zod_1.z.object({
     // Server
     PORT: zod_1.z.string().transform(v => parseInt(v) || 3030).default('3030'),
     CORS_ORIGINS: jsonArraySchema(zod_1.z.string().url()).default('[]'),
+    // OAuth - public URL for redirects (e.g., https://mcp.hailer.com)
+    MCP_PUBLIC_URL: zod_1.z.string().url().optional(),
+    // Hailer frontend URL for OAuth login (e.g., https://app.hailer.com)
+    HAILER_APP_URL: zod_1.z.string().url().default('https://app.hailer.com'),
     // Hailer integration - now as efficient Map
     CLIENT_CONFIGS: clientConfigsSchema,
     // Workspace configuration path (for reading workspace configs from external projects)
@@ -142,6 +146,45 @@ const environmentSchema = zod_1.z.object({
     CONTEXT_MAX_SUMMARIZATION_CHUNKS: zod_1.z.string().transform(v => parseInt(v) || 10).default('10'),
     // Token billing (real-time usage billing per workspace via Hailer API)
     TOKEN_BILLING_ENABLED: zod_1.z.string().transform(v => v === 'true').default('false'),
+    // Vipunen (Weaviate RAG knowledge base)
+    WEAVIATE_HOST: zod_1.z.string().url().optional(),
+    WEAVIATE_API_KEY: zod_1.z.string().min(1).optional(),
+    // Vipunen client API keys — JSON map of key → group
+    // Format: { "my-api-key": "admin", "dev-key": "dev", "reader-key": "readonly" }
+    // Groups: admin (full access), dev (VipunenConfig read-only), readonly (read-only everywhere)
+    VIPUNEN_API_KEYS: zod_1.z.string()
+        .optional()
+        .default('{}')
+        .transform((value, ctx) => {
+        try {
+            const parsed = JSON.parse(value);
+            const validGroups = ['admin', 'dev', 'readonly'];
+            for (const [key, group] of Object.entries(parsed)) {
+                if (key.length < 32) {
+                    ctx.addIssue({
+                        code: zod_1.z.ZodIssueCode.custom,
+                        message: `Vipunen API key too short (min 32 chars): "${key.substring(0, 4)}..."`,
+                    });
+                    return zod_1.z.NEVER;
+                }
+                if (!validGroups.includes(group)) {
+                    ctx.addIssue({
+                        code: zod_1.z.ZodIssueCode.custom,
+                        message: `Invalid group "${group}" for key "${key.substring(0, 4)}...". Must be one of: ${validGroups.join(', ')}`,
+                    });
+                    return zod_1.z.NEVER;
+                }
+            }
+            return parsed;
+        }
+        catch (error) {
+            ctx.addIssue({
+                code: zod_1.z.ZodIssueCode.custom,
+                message: `Invalid VIPUNEN_API_KEYS JSON: ${error.message}`,
+            });
+            return zod_1.z.NEVER;
+        }
+    }),
 });
 /**
  * Get process environment

package/dist/core.js CHANGED Viewed

@@ -49,15 +49,13 @@ class Core {
         this.logger.debug('Starting Hailer MCP application');
         try {
             // Start MCP Server FIRST (daemon/client needs it for tool schemas)
+            // Server starts even without CLIENT_CONFIGS - OAuth sessions are dynamic
             if (this.appConfig.server.enableMcpServer) {
                 const hasAccounts = Object.keys(this.appConfig.hailerAccounts).length > 0;
                 if (!hasAccounts) {
-                    this.logger.warn('MCP Server enabled but no accounts configured in CLIENT_CONFIGS. Server will not start.');
-                    this.logger.warn('Add at least one account to CLIENT_CONFIGS in .env.local to use the MCP Server.');
-                }
-                else {
-                    await this.startMCPServer();
+                    this.logger.info('No accounts in CLIENT_CONFIGS - server will accept OAuth sessions only');
                 }
+                await this.startMCPServer();
             }
             // Start bot client ONLY if MCP_CLIENT_ENABLED=true
             if (this.appConfig.server.enableClient) {
@@ -78,7 +76,6 @@ class Core {
             port: this.appConfig.server.port,
             corsOrigins: this.appConfig.server.corsOrigins,
             toolRegistry: this.toolRegistry,
-            getDaemonStatus: () => this.getDaemonStatus() // Pass callback for daemon monitoring
         });
         await this.mcpServer.start();
         this.logger.debug('MCP Server service started');

package/dist/mcp/UserContextCache.d.ts CHANGED Viewed

@@ -1,6 +1,8 @@
 import { HailerClient } from './hailer-clients';
 import { WorkspaceCache } from './workspace-cache';
 import { HailerV2CoreInitResponse, HailerApiClient } from './utils/index';
+import { ToolGroup } from './tool-registry';
+import { UserRole } from './utils/index';
 export interface UserContext {
     client: HailerClient;
     hailer: HailerApiClient;
@@ -10,6 +12,9 @@ export interface UserContext {
     createdAt: number;
     email: string;
     password: string;
+    workspaceRoles: Record<string, UserRole>;
+    currentWorkspaceId: string;
+    allowedGroups: ToolGroup[];
 }
 /**
  * Cache for user-specific data (client connections, init data, workspace cache)

package/dist/mcp/UserContextCache.js CHANGED Viewed

@@ -6,6 +6,7 @@ const workspace_cache_1 = require("./workspace-cache");
 const config_1 = require("../config");
 const logger_1 = require("../lib/logger");
 const index_1 = require("./utils/index");
+const index_2 = require("./utils/index");
 const logger = (0, logger_1.createLogger)({ component: 'user-context-cache' });
 /**
  * Cache for user-specific data (client connections, init data, workspace cache)
@@ -57,7 +58,7 @@ class UserContextCache {
             else {
                 // Cache expired, remove stale entry
                 this.cache.delete(apiKey);
-                logger.debug('Cache expired, refreshing user context', {
+                logger.info('Cache expired, refreshing user context', {
                     apiKey: apiKey.substring(0, 8) + '...',
                     ageMinutes: Math.round(age / (1000 * 60))
                 });
@@ -66,7 +67,7 @@ class UserContextCache {
         else if (forceRefresh && this.cache.has(apiKey)) {
             // Force refresh requested, clear existing cache
             this.cache.delete(apiKey);
-            logger.debug('Force refresh requested, clearing cached user context', {
+            logger.info('Force refresh requested, clearing cached user context', {
                 apiKey: apiKey.substring(0, 8) + '...'
             });
         }
@@ -105,29 +106,57 @@ class UserContextCache {
             const init = await client.socket.request('v2.core.init', [
                 ['processes', 'users', 'network', 'networks', 'teams']
             ]);
-            // Validate single workspace access - MCP requires bot credentials with access to one workspace only
-            const workspaceCount = Object.keys(init.networks || {}).length;
+            (0, index_1.normalizeInitProcesses)(init);
+            // Multi-workspace support: log available workspaces, use first one as default
+            // User can switch workspaces using list_my_workspaces tool and specifying workspaceId
+            const networks = (init.networks || {});
+            const workspaceCount = Object.keys(networks).length;
             if (workspaceCount > 1) {
-                const networks = (init.networks || {});
-                const workspaceNames = Object.values(networks)
-                    .map((ws) => ws.name)
+                const workspaceList = Object.entries(networks)
+                    .map(([id, ws]) => `${ws.name} (${id})`)
                     .join(', ');
-                logger.error('Multi-workspace credentials detected', {
+                logger.info('Multi-workspace user detected', {
                     workspaceCount,
-                    workspaces: workspaceNames,
-                    apiKey: apiKey.substring(0, 8) + '...'
+                    workspaces: workspaceList,
+                    apiKey: apiKey.substring(0, 8) + '...',
+                    hint: 'Use list_my_workspaces tool to see all workspaces and switch between them'
                 });
-                // Clean up the connection before throwing - prevents dangling socket
-                (0, hailer_clients_1.disconnectHailerClientByApiKey)(apiKey);
-                throw new Error(`Multi-workspace credentials detected (${workspaceCount} workspaces: ${workspaceNames}). ` +
-                    `MCP requires bot credentials with access to a single workspace. ` +
-                    `Please use the bot account created during 'hailer-sdk init'.`);
             }
             // Create workspace cache from init data
             const appConfig = (0, config_1.createApplicationConfig)();
             const workspaceCache = (0, workspace_cache_1.createWorkspaceCache)(init, appConfig.mcpConfig);
+            // Extract user roles from ALL workspaces
+            const currentUserId = await (0, hailer_clients_1.getCurrentUserId)(client);
+            const workspaceRoles = (0, index_2.extractWorkspaceRoles)(networks, currentUserId);
+            // Get current workspace ID
+            const currentWorkspaceId = init.network?._id || Object.keys(networks)[0] || '';
+            // Get role for current workspace (for backward compatibility and initial tool filtering)
+            const userRole = workspaceRoles[currentWorkspaceId] || 'guest';
+            const allowedGroups = (0, index_2.getAllowedGroups)(userRole, config_1.environment.ENABLE_NUCLEAR_TOOLS);
+            logger.info('User roles extracted from all workspaces', {
+                apiKey: apiKey.substring(0, 8) + '...',
+                workspaceCount: Object.keys(workspaceRoles).length,
+                currentWorkspaceId,
+                currentRole: userRole,
+                allRoles: Object.entries(workspaceRoles).map(([id, role]) => `${id.slice(-6)}:${role}`).join(', ')
+            });
             // Get credentials from config (for tools like publish_hailer_app that need external auth)
-            const accountConfig = appConfig.getClientConfig(apiKey);
+            // User API Keys (OAuth users) don't have bot credentials - use empty strings
+            const isUserApiKey = apiKey.startsWith('userapikey_');
+            let email = '';
+            let password = '';
+            if (!isUserApiKey) {
+                try {
+                    const accountConfig = appConfig.getClientConfig(apiKey);
+                    email = accountConfig.email;
+                    password = accountConfig.password;
+                }
+                catch (error) {
+                    logger.warn('No client config found for API key, using empty credentials', {
+                        apiKey: apiKey.substring(0, 8) + '...'
+                    });
+                }
+            }
             const context = {
                 client,
                 hailer,
@@ -135,8 +164,11 @@ class UserContextCache {
                 workspaceCache,
                 apiKey,
                 createdAt: Date.now(),
-                email: accountConfig.email,
-                password: accountConfig.password,
+                email,
+                password,
+                workspaceRoles, // NEW: Map of workspaceId → role
+                currentWorkspaceId, // NEW: Current workspace ID
+                allowedGroups, // Keep for stdio-server compatibility
             };
             // Calculate and log cache sizes
             const rawInitSize = Buffer.byteLength(JSON.stringify(init), 'utf8');
@@ -176,7 +208,7 @@ class UserContextCache {
     static clearAll() {
         const size = this.cache.size;
         this.cache.clear();
-        logger.debug('Cleared all user contexts from cache', { clearedCount: size });
+        logger.info('Cleared all user contexts from cache', { clearedCount: size });
     }
     /**
      * Get cache statistics (for monitoring and debugging)

package/dist/mcp/hailer-clients.d.ts CHANGED Viewed

@@ -5,10 +5,28 @@ export interface HailerRestClient {
     sessionKey: string;
 }
 export interface HailerClient {
-    socket: Client;
+    socket: Client | RestOnlySocket;
     rest: HailerRestClient;
     sessionKey: string;
 }
+/**
+ * REST-only socket mock for User API Key sessions
+ * User API Keys require IP for validation, which socket.resume() doesn't provide.
+ * This mock implements the socket.request() interface using REST API calls.
+ */
+export declare class RestOnlySocket {
+    host: string;
+    private apiKey;
+    constructor(baseUrl: string, apiKey: string);
+    /**
+     * Make RPC request via REST API instead of socket
+     * Hailer's /api endpoint accepts the same RPC format as socket
+     */
+    request(method: string, args?: unknown[]): Promise<unknown>;
+    on(_event: string, _handler: (...args: any[]) => void): void;
+    off(_event: string, _handler: (...args: any[]) => void): void;
+    disconnect(): void;
+}
 /**
  * Get the current user ID from the authenticated session
  * This is called after authentication to retrieve the user ID automatically