@hailer/mcp 1.1.12 → 1.1.13

package/dist/bot/services/message-classifier.js

@@ -59,6 +59,22 @@ class MessageClassifier {
                 messages = retryMessages;
             }
             messageContent = targetMessage.msg || targetMessage.content || "";
+            // Extract forwarded message content — forwarded messages have empty msg
+            if (!messageContent && targetMessage.forwardMessage) {
+                let fwd = targetMessage.forwardMessage;
+                const fwdParts = [];
+                let depth = 0;
+                while (fwd && depth < 10) {
+                    const fwdText = fwd.msg || fwd.content || '';
+                    if (fwdText)
+                        fwdParts.push(fwdText);
+                    fwd = fwd.forwardMessage;
+                    depth++;
+                }
+                if (fwdParts.length > 0) {
+                    messageContent = `[Forwarded message] ${fwdParts.join(' → ')}`;
+                }
+            }
             // Extract file attachments if present
             if (targetMessage.files && Array.isArray(targetMessage.files) && targetMessage.files.length > 0) {
                 fileAttachments = targetMessage.files.map((file) => ({
@@ -169,6 +185,7 @@ class MessageClassifier {
             isReplyToBot,
             isMention,
             isDirectMessage,
+            isPrivateDiscussion: !!(discData?.private),
             fileAttachments: fileAttachments.length > 0 ? fileAttachments : undefined,
         };
     }

package/dist/bot/services/permission-guard.d.ts

@@ -0,0 +1,52 @@
+/**
+ * Unified permission guard for bot tool execution.
+ *
+ * Enforces the workspace permission system: bot scope ceiling + per-user
+ * workflow access from the permission index built from core.init.
+ *
+ * Three levels of checking:
+ * 1. Pre-execution: extract workflow IDs from tool args, deny if user lacks access
+ * 2. Post-execution: extract workflow IDs from tool results (when not in args)
+ * 3. Post-filter: strip items from list results that the user can't see
+ */
+export interface PermissionDenied {
+    workflowId: string;
+    reason: 'bot-scope' | string;
+}
+export interface PermissionContext {
+    /** Bot's allowed workflows (empty = all) */
+    allowedWorkflows: string[];
+    /** Workflow ID → Set of user IDs who can access it. Missing = open to all. */
+    permissionIndex: Map<string, Set<string>>;
+    /** Workspace admin user IDs */
+    adminUserIds: Set<string>;
+    /** Workspace owner user IDs */
+    ownerUserIds: Set<string>;
+    /** Insight ID → Set of source workflow IDs */
+    insightWorkflowCache: Map<string, Set<string>>;
+}
+/**
+ * Build the permission index from core.init data.
+ *
+ * Returns: { permissionIndex, adminUserIds, ownerUserIds, workspaceMemberIds }
+ *
+ * permissionIndex only contains RESTRICTED workflows (those with explicit member lists).
+ * If a workflow is not in the index, it's open to all workspace members.
+ */
+export declare function buildPermissionIndex(init: any, workspaceId: string): {
+    permissionIndex: Map<string, Set<string>>;
+    adminUserIds: Set<string>;
+    ownerUserIds: Set<string>;
+    workspaceMemberIds: Set<string>;
+};
+/**
+ * Extract all workflow IDs from tool args, regardless of shape.
+ * Handles: top-level workflowId, sources[].workflowId, insightId → cached workflows.
+ */
+export declare function extractWorkflowIdsFromArgs(args: Record<string, unknown>, insightWorkflowCache: Map<string, Set<string>>): string[];
+/**
+ * Check if a user can access the given workflow IDs.
+ * Returns null if allowed, or { workflowId, reason } if denied.
+ */
+export declare function checkWorkflowAccess(workflowIds: string[], senderId: string, ctx: PermissionContext): PermissionDenied | null;
+//# sourceMappingURL=permission-guard.d.ts.map

package/dist/bot/services/permission-guard.js

@@ -0,0 +1,149 @@
+"use strict";
+/**
+ * Unified permission guard for bot tool execution.
+ *
+ * Enforces the workspace permission system: bot scope ceiling + per-user
+ * workflow access from the permission index built from core.init.
+ *
+ * Three levels of checking:
+ * 1. Pre-execution: extract workflow IDs from tool args, deny if user lacks access
+ * 2. Post-execution: extract workflow IDs from tool results (when not in args)
+ * 3. Post-filter: strip items from list results that the user can't see
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildPermissionIndex = buildPermissionIndex;
+exports.extractWorkflowIdsFromArgs = extractWorkflowIdsFromArgs;
+exports.checkWorkflowAccess = checkWorkflowAccess;
+/**
+ * Build the permission index from core.init data.
+ *
+ * Returns: { permissionIndex, adminUserIds, ownerUserIds, workspaceMemberIds }
+ *
+ * permissionIndex only contains RESTRICTED workflows (those with explicit member lists).
+ * If a workflow is not in the index, it's open to all workspace members.
+ */
+function buildPermissionIndex(init, workspaceId) {
+    const permissionIndex = new Map();
+    const adminUserIds = new Set();
+    const ownerUserIds = new Set();
+    const workspaceMemberIds = new Set();
+    if (!init?.processes || !workspaceId) {
+        return { permissionIndex, adminUserIds, ownerUserIds, workspaceMemberIds };
+    }
+    // Extract workspace members, admins, owners from network.members
+    const network = init.network;
+    if (network?.members) {
+        const members = Array.isArray(network.members) ? network.members : Object.values(network.members);
+        for (const member of members) {
+            if (member.uid)
+                workspaceMemberIds.add(member.uid);
+            if (member.admin === true)
+                adminUserIds.add(member.uid);
+            if (member.owner === true)
+                ownerUserIds.add(member.uid);
+        }
+    }
+    const teams = init.teams?.[workspaceId] || {};
+    const groups = init.groups?.[workspaceId] || {};
+    for (const proc of init.processes) {
+        const members = proc.members || [];
+        // network_ member = all workspace members have access → skip (open)
+        if (members.some((m) => m.id?.startsWith('network_')))
+            continue;
+        // Public team = all workspace members have access → skip (open)
+        let hasPublicTeam = false;
+        for (const m of members) {
+            if (!m.id?.startsWith('team_'))
+                continue;
+            const team = teams[m.id.slice(5)];
+            if (team?.public) {
+                hasPublicTeam = true;
+                break;
+            }
+        }
+        if (hasPublicTeam)
+            continue;
+        // Restricted workflow — build explicit user set
+        const userIds = new Set();
+        for (const member of members) {
+            const id = member.id;
+            if (!id)
+                continue;
+            if (id.startsWith('user_')) {
+                userIds.add(id.slice(5));
+            }
+            else if (id.startsWith('team_')) {
+                const team = teams[id.slice(5)];
+                if (team?.members) {
+                    for (const uid of team.members) {
+                        userIds.add(typeof uid === 'string' ? uid : uid._id || uid.id || uid.uid);
+                    }
+                }
+            }
+            else if (id.startsWith('group_')) {
+                const group = groups[id.slice(6)];
+                if (group?.members) {
+                    for (const uid of group.members) {
+                        userIds.add(typeof uid === 'string' ? uid : uid._id || uid.id || uid.uid);
+                    }
+                }
+            }
+        }
+        // Workflow creator always has access
+        if (proc.uid)
+            userIds.add(proc.uid);
+        permissionIndex.set(proc._id, userIds);
+    }
+    return { permissionIndex, adminUserIds, ownerUserIds, workspaceMemberIds };
+}
+/**
+ * Extract all workflow IDs from tool args, regardless of shape.
+ * Handles: top-level workflowId, sources[].workflowId, insightId → cached workflows.
+ */
+function extractWorkflowIdsFromArgs(args, insightWorkflowCache) {
+    const ids = [];
+    // Direct workflowId arg
+    if (typeof args.workflowId === 'string') {
+        ids.push(args.workflowId);
+    }
+    // sources[].workflowId (insight tools)
+    if (Array.isArray(args.sources)) {
+        for (const src of args.sources) {
+            if (src && typeof src === 'object' && typeof src.workflowId === 'string') {
+                ids.push(src.workflowId);
+            }
+        }
+    }
+    // insightId → cached workflow mapping
+    if (typeof args.insightId === 'string') {
+        const cached = insightWorkflowCache.get(args.insightId);
+        if (cached)
+            ids.push(...cached);
+    }
+    return ids;
+}
+/**
+ * Check if a user can access the given workflow IDs.
+ * Returns null if allowed, or { workflowId, reason } if denied.
+ */
+function checkWorkflowAccess(workflowIds, senderId, ctx) {
+    if (workflowIds.length === 0)
+        return null;
+    for (const wfId of workflowIds) {
+        // Bot scope ceiling
+        if (ctx.allowedWorkflows.length > 0 && !ctx.allowedWorkflows.includes(wfId)) {
+            return { workflowId: wfId, reason: 'bot-scope' };
+        }
+        // Admins and owners bypass user-level checks
+        if (ctx.adminUserIds.has(senderId) || ctx.ownerUserIds.has(senderId)) {
+            continue;
+        }
+        // User permission — restricted workflow, user not in member list
+        const allowed = ctx.permissionIndex.get(wfId);
+        if (allowed && !allowed.has(senderId)) {
+            return { workflowId: wfId, reason: senderId };
+        }
+    }
+    return null;
+}
+//# sourceMappingURL=permission-guard.js.map

package/dist/bot/services/types.d.ts

@@ -62,6 +62,8 @@ export interface BotConnection {
     };
 }
 export type MessagePriority = "high" | "normal" | "low";
+/** Controls when the bot processes a message */
+export type ResponseMode = 'always' | 'mention_only' | 'reply_only' | 'mention_or_reply';
 /** File attachment in a Hailer message */
 export interface HailerFileAttachment {
     _id: string;
@@ -82,6 +84,8 @@ export interface HailerMessage {
     replyTo?: string;
     created?: number;
     files?: HailerFileAttachment[];
+    forwardMessageId?: string;
+    forwardMessage?: HailerMessage;
 }
 /** Hailer user from search/workspace cache */
 export interface HailerUser {
@@ -114,6 +118,7 @@ export interface IncomingMessage {
     isReplyToBot: boolean;
     isMention: boolean;
     isDirectMessage: boolean;
+    isPrivateDiscussion: boolean;
     fileAttachments?: IncomingFileAttachment[];
 }
 export interface DiscussionState {

package/dist/bot/services/typing-indicator.d.ts

@@ -9,11 +9,16 @@ export declare class TypingIndicatorService {
     private logger;
     private static TYPING_REFRESH_MS;
     private typingIntervals;
+    private currentStatus;
     constructor(botConnection: BotConnection, logger: Logger);
     /**
      * Start typing indicator with auto-refresh interval for a discussion
      */
-    start(discussionId: string): void;
+    start(discussionId: string, statusText?: string): void;
+    /**
+     * Update the status text for an active typing indicator
+     */
+    updateStatus(discussionId: string, statusText: string): void;
     /**
      * Stop typing indicator for a specific discussion, or all discussions (shutdown)
      */

package/dist/bot/services/typing-indicator.js

@@ -10,6 +10,7 @@ class TypingIndicatorService {
     logger;
     static TYPING_REFRESH_MS = 3000;
     typingIntervals = new Map();
+    currentStatus = new Map();
     constructor(botConnection, logger) {
         this.botConnection = botConnection;
         this.logger = logger;
@@ -17,7 +18,9 @@ class TypingIndicatorService {
     /**
      * Start typing indicator with auto-refresh interval for a discussion
      */
-    start(discussionId) {
+    start(discussionId, statusText) {
+        if (statusText)
+            this.currentStatus.set(discussionId, statusText);
         if (this.typingIntervals.has(discussionId))
             return;
         this.sendSignal(discussionId, true);
@@ -26,6 +29,15 @@ class TypingIndicatorService {
         }, TypingIndicatorService.TYPING_REFRESH_MS);
         this.typingIntervals.set(discussionId, interval);
     }
+    /**
+     * Update the status text for an active typing indicator
+     */
+    updateStatus(discussionId, statusText) {
+        this.currentStatus.set(discussionId, statusText);
+        if (this.typingIntervals.has(discussionId)) {
+            this.sendSignal(discussionId, true);
+        }
+    }
     /**
      * Stop typing indicator for a specific discussion, or all discussions (shutdown)
      */
@@ -35,6 +47,7 @@ class TypingIndicatorService {
             if (interval) {
                 clearInterval(interval);
                 this.typingIntervals.delete(discussionId);
+                this.currentStatus.delete(discussionId);
                 this.sendSignal(discussionId, false);
             }
         }
@@ -45,14 +58,17 @@ class TypingIndicatorService {
                 this.sendSignal(discId, false);
             }
             this.typingIntervals.clear();
+            this.currentStatus.clear();
         }
     }
     sendSignal(discussionId, isTyping) {
+        const statusText = isTyping ? this.currentStatus.get(discussionId) : undefined;
         this.botConnection.client.socket.request("messenger.set_discussion_typing_state", [
             discussionId,
-            isTyping
+            isTyping,
+            ...(statusText ? [statusText] : []),
         ]).catch((error) => {
-            this.logger.debug("Typing indicator failed", { discussionId, isTyping, error: error?.message });
+            this.logger.debug("Typing indicator failed", { discussionId, isTyping, statusText, error: error?.message });
         });
     }
 }

package/dist/config.d.ts

@@ -20,12 +20,13 @@ export declare const APP_VERSION: string;
  */
 export declare const environment: {
     NODE_ENV: "development" | "production" | "test";
-    LOG_LEVEL: "debug" | "info" | "warn" | "error";
+    LOG_LEVEL: "error" | "debug" | "info" | "warn";
     DISABLE_MCP_SERVER: boolean;
     MCP_CLIENT_ENABLED: boolean;
     ENABLE_NUCLEAR_TOOLS: boolean;
     PORT: number;
     CORS_ORIGINS: string[];
+    HAILER_APP_URL: string;
     CLIENT_CONFIGS: Record<string, {
         email: string;
         password: string;
@@ -50,6 +51,8 @@ export declare const environment: {
     CONTEXT_ENABLE_AUTO_SUMMARIZATION: boolean;
     CONTEXT_MAX_SUMMARIZATION_CHUNKS: number;
     TOKEN_BILLING_ENABLED: boolean;
+    VIPUNEN_API_KEYS: Record<string, "admin" | "dev" | "readonly">;
+    MCP_PUBLIC_URL?: string | undefined;
     WORKSPACE_CONFIG_PATH?: string | undefined;
     DEV_APPS_PATH?: string | undefined;
     DEV_APPS_PATHS?: string | undefined;
@@ -57,6 +60,8 @@ export declare const environment: {
     OPENAI_API_BASE?: string | undefined;
     OPENAI_MODEL?: string | undefined;
     ANTHROPIC_API_KEY?: string | undefined;
+    WEAVIATE_HOST?: string | undefined;
+    WEAVIATE_API_KEY?: string | undefined;
 };
 /**
  * Mask sensitive data for safe logging

package/dist/config.js

@@ -102,6 +102,10 @@ const environmentSchema = zod_1.z.object({
     // Server
     PORT: zod_1.z.string().transform(v => parseInt(v) || 3030).default('3030'),
     CORS_ORIGINS: jsonArraySchema(zod_1.z.string().url()).default('[]'),
+    // OAuth - public URL for redirects (e.g., https://mcp.hailer.com)
+    MCP_PUBLIC_URL: zod_1.z.string().url().optional(),
+    // Hailer frontend URL for OAuth login (e.g., https://app.hailer.com)
+    HAILER_APP_URL: zod_1.z.string().url().default('https://app.hailer.com'),
     // Hailer integration - now as efficient Map
     CLIENT_CONFIGS: clientConfigsSchema,
     // Workspace configuration path (for reading workspace configs from external projects)
@@ -142,6 +146,45 @@ const environmentSchema = zod_1.z.object({
     CONTEXT_MAX_SUMMARIZATION_CHUNKS: zod_1.z.string().transform(v => parseInt(v) || 10).default('10'),
     // Token billing (real-time usage billing per workspace via Hailer API)
     TOKEN_BILLING_ENABLED: zod_1.z.string().transform(v => v === 'true').default('false'),
+    // Vipunen (Weaviate RAG knowledge base)
+    WEAVIATE_HOST: zod_1.z.string().url().optional(),
+    WEAVIATE_API_KEY: zod_1.z.string().min(1).optional(),
+    // Vipunen client API keys — JSON map of key → group
+    // Format: { "my-api-key": "admin", "dev-key": "dev", "reader-key": "readonly" }
+    // Groups: admin (full access), dev (VipunenConfig read-only), readonly (read-only everywhere)
+    VIPUNEN_API_KEYS: zod_1.z.string()
+        .optional()
+        .default('{}')
+        .transform((value, ctx) => {
+        try {
+            const parsed = JSON.parse(value);
+            const validGroups = ['admin', 'dev', 'readonly'];
+            for (const [key, group] of Object.entries(parsed)) {
+                if (key.length < 32) {
+                    ctx.addIssue({
+                        code: zod_1.z.ZodIssueCode.custom,
+                        message: `Vipunen API key too short (min 32 chars): "${key.substring(0, 4)}..."`,
+                    });
+                    return zod_1.z.NEVER;
+                }
+                if (!validGroups.includes(group)) {
+                    ctx.addIssue({
+                        code: zod_1.z.ZodIssueCode.custom,
+                        message: `Invalid group "${group}" for key "${key.substring(0, 4)}...". Must be one of: ${validGroups.join(', ')}`,
+                    });
+                    return zod_1.z.NEVER;
+                }
+            }
+            return parsed;
+        }
+        catch (error) {
+            ctx.addIssue({
+                code: zod_1.z.ZodIssueCode.custom,
+                message: `Invalid VIPUNEN_API_KEYS JSON: ${error.message}`,
+            });
+            return zod_1.z.NEVER;
+        }
+    }),
 });
 /**
  * Get process environment

package/dist/core.js

@@ -49,15 +49,13 @@ class Core {
         this.logger.debug('Starting Hailer MCP application');
         try {
             // Start MCP Server FIRST (daemon/client needs it for tool schemas)
+            // Server starts even without CLIENT_CONFIGS - OAuth sessions are dynamic
             if (this.appConfig.server.enableMcpServer) {
                 const hasAccounts = Object.keys(this.appConfig.hailerAccounts).length > 0;
                 if (!hasAccounts) {
-                    this.logger.warn('MCP Server enabled but no accounts configured in CLIENT_CONFIGS. Server will not start.');
-                    this.logger.warn('Add at least one account to CLIENT_CONFIGS in .env.local to use the MCP Server.');
-                }
-                else {
-                    await this.startMCPServer();
+                    this.logger.info('No accounts in CLIENT_CONFIGS - server will accept OAuth sessions only');
                 }
+                await this.startMCPServer();
             }
             // Start bot client ONLY if MCP_CLIENT_ENABLED=true
             if (this.appConfig.server.enableClient) {
@@ -78,7 +76,6 @@ class Core {
             port: this.appConfig.server.port,
             corsOrigins: this.appConfig.server.corsOrigins,
             toolRegistry: this.toolRegistry,
-            getDaemonStatus: () => this.getDaemonStatus() // Pass callback for daemon monitoring
         });
         await this.mcpServer.start();
         this.logger.debug('MCP Server service started');

package/dist/lib/discussion-lock.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Discussion Lock Registry
+ *
+ * Prevents multiple bots from responding to the same discussion.
+ * When a specialist bot (like Giuseppe) is handling a discussion,
+ * it acquires a lock. Other bots (like Orchestrator) check the lock
+ * before responding.
+ */
+/**
+ * Acquire a lock on a discussion
+ * @param discussionId - The discussion to lock
+ * @param botName - Name of the bot acquiring the lock (for logging)
+ * @param ttlMs - Lock duration in milliseconds (default: 5 minutes)
+ * @returns true if lock acquired, false if already locked by another bot
+ */
+export declare function acquireDiscussionLock(discussionId: string, botName: string, ttlMs?: number): boolean;
+/**
+ * Release a lock on a discussion
+ * @param discussionId - The discussion to unlock
+ * @param botName - Name of the bot releasing (must match acquirer)
+ */
+export declare function releaseDiscussionLock(discussionId: string, botName: string): void;
+/**
+ * Check if a discussion is locked by another bot
+ * @param discussionId - The discussion to check
+ * @param myBotName - Name of the checking bot (own locks don't block)
+ * @returns true if locked by ANOTHER bot, false if free or own lock
+ */
+export declare function isDiscussionLocked(discussionId: string, myBotName: string): boolean;
+/**
+ * Clean up expired locks (call periodically)
+ */
+export declare function cleanupExpiredLocks(): number;
+/**
+ * Get current lock status (for debugging)
+ */
+export declare function getLockStatus(): Map<string, {
+    botName: string;
+    acquiredAt: number;
+    expiresAt: number;
+}>;
+//# sourceMappingURL=discussion-lock.d.ts.map

package/dist/lib/discussion-lock.js

@@ -0,0 +1,110 @@
+"use strict";
+/**
+ * Discussion Lock Registry
+ *
+ * Prevents multiple bots from responding to the same discussion.
+ * When a specialist bot (like Giuseppe) is handling a discussion,
+ * it acquires a lock. Other bots (like Orchestrator) check the lock
+ * before responding.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.acquireDiscussionLock = acquireDiscussionLock;
+exports.releaseDiscussionLock = releaseDiscussionLock;
+exports.isDiscussionLocked = isDiscussionLocked;
+exports.cleanupExpiredLocks = cleanupExpiredLocks;
+exports.getLockStatus = getLockStatus;
+const logger_1 = require("./logger");
+const logger = (0, logger_1.createLogger)({ component: 'discussion-lock' });
+// Singleton map of discussionId -> { botName, acquiredAt, expiresAt }
+const locks = new Map();
+// Default lock TTL: 5 minutes (allows for LLM processing time)
+const DEFAULT_LOCK_TTL_MS = 5 * 60 * 1000;
+/**
+ * Acquire a lock on a discussion
+ * @param discussionId - The discussion to lock
+ * @param botName - Name of the bot acquiring the lock (for logging)
+ * @param ttlMs - Lock duration in milliseconds (default: 5 minutes)
+ * @returns true if lock acquired, false if already locked by another bot
+ */
+function acquireDiscussionLock(discussionId, botName, ttlMs = DEFAULT_LOCK_TTL_MS) {
+    const now = Date.now();
+    const existing = locks.get(discussionId);
+    // Check if existing lock is still valid
+    if (existing && existing.expiresAt > now) {
+        if (existing.botName === botName) {
+            // Same bot - extend the lock
+            existing.expiresAt = now + ttlMs;
+            return true;
+        }
+        // Different bot has the lock
+        logger.debug('Discussion already locked', {
+            discussionId,
+            lockedBy: existing.botName,
+            requestedBy: botName
+        });
+        return false;
+    }
+    // Acquire lock
+    locks.set(discussionId, {
+        botName,
+        acquiredAt: now,
+        expiresAt: now + ttlMs
+    });
+    logger.debug('Discussion lock acquired', { discussionId, botName, ttlMs });
+    return true;
+}
+/**
+ * Release a lock on a discussion
+ * @param discussionId - The discussion to unlock
+ * @param botName - Name of the bot releasing (must match acquirer)
+ */
+function releaseDiscussionLock(discussionId, botName) {
+    const existing = locks.get(discussionId);
+    if (existing && existing.botName === botName) {
+        locks.delete(discussionId);
+        logger.debug('Discussion lock released', { discussionId, botName });
+    }
+}
+/**
+ * Check if a discussion is locked by another bot
+ * @param discussionId - The discussion to check
+ * @param myBotName - Name of the checking bot (own locks don't block)
+ * @returns true if locked by ANOTHER bot, false if free or own lock
+ */
+function isDiscussionLocked(discussionId, myBotName) {
+    const now = Date.now();
+    const existing = locks.get(discussionId);
+    // No lock or expired
+    if (!existing || existing.expiresAt <= now) {
+        return false;
+    }
+    // Own lock doesn't block
+    if (existing.botName === myBotName) {
+        return false;
+    }
+    return true;
+}
+/**
+ * Clean up expired locks (call periodically)
+ */
+function cleanupExpiredLocks() {
+    const now = Date.now();
+    let cleaned = 0;
+    for (const [discussionId, lock] of locks.entries()) {
+        if (lock.expiresAt <= now) {
+            locks.delete(discussionId);
+            cleaned++;
+        }
+    }
+    if (cleaned > 0) {
+        logger.debug('Cleaned up expired locks', { count: cleaned });
+    }
+    return cleaned;
+}
+/**
+ * Get current lock status (for debugging)
+ */
+function getLockStatus() {
+    return new Map(locks);
+}
+//# sourceMappingURL=discussion-lock.js.map

package/dist/mcp/UserContextCache.d.ts

@@ -1,6 +1,8 @@
 import { HailerClient } from './hailer-clients';
 import { WorkspaceCache } from './workspace-cache';
 import { HailerV2CoreInitResponse, HailerApiClient } from './utils/index';
+import { ToolGroup } from './tool-registry';
+import { UserRole } from './utils/index';
 export interface UserContext {
     client: HailerClient;
     hailer: HailerApiClient;
@@ -10,6 +12,9 @@ export interface UserContext {
     createdAt: number;
     email: string;
     password: string;
+    workspaceRoles: Record<string, UserRole>;
+    currentWorkspaceId: string;
+    allowedGroups: ToolGroup[];
 }
 /**
  * Cache for user-specific data (client connections, init data, workspace cache)