@harness-fe/mcp-server 4.0.0-next.1 → 4.0.0-next.3

package/dist/auth.js

@@ -1,212 +0,0 @@
-/**
- * Token-based auth for the bridge's HTTP + WS surfaces.
- *
- * Loopback (127.*, localhost, ::1) — auth disabled by default; the daemon
- * trusts everything that can reach the loopback socket. As soon as the
- * daemon is bound to a non-loopback host (e.g. 0.0.0.0 for LAN debugging),
- * the CLI requires a token and this module enforces it on every HTTP route
- * and WS upgrade.
- *
- * Why a single module: dashboard / replay viewer / events handler /
- * MCP HTTP transport all live behind the same bridge HTTP server. Bridge
- * wraps requests with `isAuthorized` once, so individual handlers never
- * see unauthenticated traffic and don't carry auth code.
- */
-import { createHash, timingSafeEqual } from 'node:crypto';
-export const DEFAULT_COOKIE_NAME = 'harness_fe_token';
-export const DEFAULT_LOGIN_PATH = '/__auth';
-const WS_SUBPROTOCOL_PREFIX = 'harness-fe.token.';
-export function isAuthEnabled(opts) {
-    return !!(opts.token || opts.authorize);
-}
-/** Pull token from header / cookie / query / WS subprotocol (first match wins). */
-export function extractToken(req, opts = {}) {
-    const auth = req.headers.authorization;
-    if (typeof auth === 'string' && auth.startsWith('Bearer ')) {
-        const v = auth.slice(7).trim();
-        if (v)
-            return v;
-    }
-    const cookieName = opts.cookieName ?? DEFAULT_COOKIE_NAME;
-    const cookies = parseCookieHeader(req.headers.cookie);
-    if (cookies[cookieName])
-        return decodeURIComponent(cookies[cookieName]);
-    const url = req.url ?? '';
-    const qi = url.indexOf('?');
-    if (qi >= 0) {
-        const params = new URLSearchParams(url.slice(qi + 1));
-        const t = params.get('token');
-        if (t)
-            return t;
-    }
-    const subproto = req.headers['sec-websocket-protocol'];
-    if (typeof subproto === 'string') {
-        for (const p of subproto.split(',')) {
-            const trimmed = p.trim();
-            if (trimmed.startsWith(WS_SUBPROTOCOL_PREFIX)) {
-                return trimmed.slice(WS_SUBPROTOCOL_PREFIX.length);
-            }
-        }
-    }
-    return undefined;
-}
-/**
- * Constant-time token compare. Hashing both sides first means we always
- * compare equal-length buffers, sidestepping the length-leak that a raw
- * timingSafeEqual on user input would have.
- */
-export function verifyToken(provided, expected) {
-    if (!provided || !expected)
-        return false;
-    const a = createHash('sha256').update(provided).digest();
-    const b = createHash('sha256').update(expected).digest();
-    return timingSafeEqual(a, b);
-}
-/** True if request is allowed (auth disabled, custom predicate accepts, or token matches). */
-export function isAuthorized(req, opts) {
-    if (!isAuthEnabled(opts))
-        return true;
-    // Custom predicate wins when supplied. Hosts that embed the daemon pass
-    // their own check here (e.g. JWT verification reading from a cookie).
-    if (opts.authorize)
-        return opts.authorize(req);
-    return verifyToken(extractToken(req, opts), opts.token);
-}
-/**
- * Write a 401 response. Browsers (Accept: text/html) get a minimal login
- * form they can post the token through; everything else gets JSON.
- */
-export function sendUnauthorized(req, res, opts) {
-    // Custom-authorize mode is for host apps that own their own login UX —
-    // the built-in token form is never the right answer there. Always 401
-    // as JSON and let the host redirect.
-    const wantsLoginForm = !opts.authorize;
-    const accept = (req.headers.accept ?? '').toLowerCase();
-    const wantsHtml = accept.includes('text/html') && wantsLoginForm;
-    if (wantsHtml) {
-        res.statusCode = 401;
-        res.setHeader('content-type', 'text/html; charset=utf-8');
-        res.setHeader('cache-control', 'no-store');
-        res.end(renderLoginPage(opts, req.url ?? '/'));
-        return;
-    }
-    res.statusCode = 401;
-    res.setHeader('content-type', 'application/json; charset=utf-8');
-    res.setHeader('www-authenticate', 'Bearer realm="harness-fe"');
-    res.end(JSON.stringify({
-        error: 'unauthorized',
-        message: 'Missing or invalid token. Provide Authorization: Bearer <token>, ?token=<token>, or the harness_fe_token cookie.',
-    }));
-}
-/**
- * Handle POST {loginPath}: read form body, verify token, set cookie, 303 → next.
- */
-export async function handleLoginPost(req, res, opts) {
-    if (!isAuthEnabled(opts) || opts.authorize) {
-        // Auth disabled, or the host owns auth via a custom predicate — the
-        // built-in login form isn't meaningful here. Redirect home.
-        res.statusCode = 303;
-        res.setHeader('location', '/');
-        res.end();
-        return;
-    }
-    const chunks = [];
-    let total = 0;
-    const MAX = 4096;
-    for await (const c of req) {
-        const buf = c;
-        total += buf.length;
-        if (total > MAX) {
-            res.statusCode = 413;
-            res.setHeader('content-type', 'text/plain; charset=utf-8');
-            res.end('payload too large');
-            return;
-        }
-        chunks.push(buf);
-    }
-    const body = Buffer.concat(chunks).toString('utf8');
-    const form = new URLSearchParams(body);
-    const token = form.get('token') ?? '';
-    const next = safeNext(form.get('next') ?? '/');
-    if (!verifyToken(token, opts.token)) {
-        res.statusCode = 401;
-        res.setHeader('content-type', 'text/html; charset=utf-8');
-        res.setHeader('cache-control', 'no-store');
-        res.end(renderLoginPage(opts, next, 'Invalid token. Try again.'));
-        return;
-    }
-    const cookieName = opts.cookieName ?? DEFAULT_COOKIE_NAME;
-    // 30 days. HttpOnly so JS can't read it; SameSite=Lax so cross-tab nav works.
-    const cookie = `${cookieName}=${encodeURIComponent(token)}; Path=/; HttpOnly; SameSite=Lax; Max-Age=2592000`;
-    res.statusCode = 303;
-    res.setHeader('set-cookie', cookie);
-    res.setHeader('location', next);
-    res.end();
-}
-/**
- * Allow only same-origin relative paths as the post-login redirect. Anything
- * else degrades to "/" so a crafted form can't redirect to an external site.
- */
-function safeNext(next) {
-    if (typeof next !== 'string')
-        return '/';
-    if (!next.startsWith('/'))
-        return '/';
-    if (next.startsWith('//'))
-        return '/';
-    return next;
-}
-function parseCookieHeader(raw) {
-    if (!raw)
-        return {};
-    const out = {};
-    for (const part of raw.split(';')) {
-        const eq = part.indexOf('=');
-        if (eq < 0)
-            continue;
-        const k = part.slice(0, eq).trim();
-        const v = part.slice(eq + 1).trim();
-        if (k)
-            out[k] = v;
-    }
-    return out;
-}
-function escapeHtml(s) {
-    return s.replace(/[&<>"']/g, (c) => {
-        switch (c) {
-            case '&': return '&amp;';
-            case '<': return '&lt;';
-            case '>': return '&gt;';
-            case '"': return '&quot;';
-            default: return '&#39;';
-        }
-    });
-}
-function renderLoginPage(opts, next, error) {
-    const loginPath = opts.loginPath ?? DEFAULT_LOGIN_PATH;
-    const safeN = escapeHtml(safeNext(next));
-    const errBlock = error
-        ? `<p style="color:#c0392b;margin:0 0 12px">${escapeHtml(error)}</p>`
-        : '';
-    return `<!doctype html>
-<html><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1">
-<title>harness-fe — sign in</title>
-<style>
-body{font:14px/1.4 -apple-system,BlinkMacSystemFont,system-ui,sans-serif;background:#fafafa;color:#222;display:flex;align-items:center;justify-content:center;min-height:100vh;margin:0}
-form{background:#fff;border:1px solid #e5e7eb;border-radius:8px;padding:24px;max-width:360px;width:100%;box-shadow:0 4px 12px rgba(0,0,0,.04)}
-h1{font-size:16px;margin:0 0 12px}
-input[type=password]{display:block;width:100%;box-sizing:border-box;padding:10px;border:1px solid #d1d5db;border-radius:6px;font-size:14px;margin-bottom:12px}
-button{display:block;width:100%;padding:10px;background:#111;color:#fff;border:0;border-radius:6px;font-size:14px;cursor:pointer}
-.muted{color:#666;font-size:12px;margin-top:12px}
-</style></head>
-<body>
-<form method="post" action="${escapeHtml(loginPath)}" autocomplete="off">
-  <h1>harness-fe</h1>
-  ${errBlock}
-  <input type="password" name="token" placeholder="token" autofocus required>
-  <input type="hidden" name="next" value="${safeN}">
-  <button type="submit">Sign in</button>
-  <p class="muted">Paste the token from the daemon startup banner.</p>
-</form>
-</body></html>`;
-}

package/dist/bridge.d.ts

@@ -1,323 +0,0 @@
-/**
- * WS bridge — accepts connections from vite-plugin and runtime-client.
- *
- * Protocol: see @harness-fe/protocol.
- *
- * Responsibilities:
- *   - Handshake: `hello` frame → register peer in SessionRouter, reply `hello.ack`
- *   - sendCommand(): forward a CommandFrame to the target tab, return a
- *     Promise that resolves when the matching ResponseFrame arrives
- *   - onEvent(): broadcast event frames to subscribers (mcp tools / future
- *     recorder)
- */
-import { type IncomingMessage, type ServerResponse } from 'node:http';
-import { type AuthOptions } from './auth.js';
-import { type Principal } from './identity.js';
-import { type ConsentPolicy, type EventFrame, type HttpBatch, type TabInfo, type Task, type TaskStatus } from '@harness-fe/protocol';
-import { SessionRouter, type PeerSession } from './sessionRouter.js';
-import { type IStore, type ITaskStore, type IMemoryStore, type RetentionPolicy } from './store/index.js';
-/**
- * Surface used by the stdio MCP layer. Same shape whether the underlying
- * implementation is an in-process `Bridge` (leader) or a `RemoteBridge`
- * proxying over WS to another daemon (follower).
- *
- * All methods are async so the same call site works in both modes.
- */
-export interface IBridge {
-    sendCommand(command: string, args: unknown, opts?: SendCommandOptions): Promise<unknown>;
-    listTabs(): Promise<TabInfo[]>;
-    listTasks(filter?: {
-        status?: TaskStatus | 'all';
-        limit?: number;
-    }): Promise<Task[]>;
-    claimTask(id: string, principal?: Principal): Promise<Task | undefined>;
-    resolveTask(id: string, note?: string, principal?: Principal): Promise<Task | undefined>;
-    getMemoryStore(): IMemoryStore;
-    /**
-     * Base URL (e.g. http://127.0.0.1:47729) where the replay viewer is reachable.
-     * Returns undefined when the bridge does not serve HTTP (e.g. follower mode).
-     */
-    getViewerBaseUrl(): string | undefined;
-    /**
-     * The configured auth token, or undefined if auth is disabled. Used to
-     * compose URLs that the user (or agent) can hit without an extra
-     * authentication step.
-     */
-    getAuthToken(): string | undefined;
-    /**
-     * Read an attachment PNG for a task. Returns base64-encoded PNG or null.
-     * The task must exist in the in-memory map so we can look up its projectId.
-     */
-    getTaskAttachmentData(taskId: string, attachmentId: string): Promise<string | null>;
-}
-export interface SendCommandOptions {
-    tabId?: string;
-    timeoutMs?: number;
-    target?: 'runtime-client' | 'vite-plugin';
-    projectId?: string;
-}
-/**
- * Default data directory for all persistence stores, keyed by the port the
- * daemon listens on. Identity of a daemon = its listening address; same
- * port → same on-disk store; different ports → independent stores.
- *
- * This lets users opt into isolation simply by configuring a different
- * `--port` in their `mcp.json`, and lets multiple IDEs targeting the same
- * port automatically share state through the existing leader/follower
- * mechanism in `cli.ts`. No cwd / project-root detection involved.
- */
-export declare function defaultDataDir(port: number): string;
-export interface BridgeOptions {
-    port?: number;
-    /** Bind address. Default 127.0.0.1 (no remote exposure). */
-    host?: string;
-    /**
-     * Token-based auth applied to every HTTP route and WS upgrade. Empty
-     * token disables auth (only valid when bound to a loopback host).
-     */
-    auth?: AuthOptions;
-    /**
-     * Browser-consent policy for control commands (4.0 · P2). When omitted it
-     * defaults to `session` while auth is enabled (non-loopback / exposed) and
-     * `off` on loopback — so solo dev keeps its zero-friction flow and any
-     * exposed daemon prompts the user before an agent drives the page.
-     */
-    consent?: ConsentPolicy;
-    /**
-     * Override the host used when building outbound URLs (dashboard links,
-     * replay viewer URLs). When omitted and `host` is `0.0.0.0` / `::`, the
-     * first non-internal IPv4 address from the OS network interfaces is
-     * used so other LAN devices can follow the links. For loopback binds the
-     * literal `host` is reused.
-     */
-    publicHost?: string;
-    /**
-     * Store instance for JSONL persistence. If omitted, a default JsonlStore
-     * is created at `dataDir` (or `defaultDataDir(port)` when `dataDir` is
-     * also omitted). Pass null to disable persistence.
-     */
-    store?: IStore | null;
-    /**
-     * Task store instance for JSON task persistence. If omitted, a default
-     * JsonTaskStore is created at `dataDir`. Pass null to disable task
-     * persistence (useful in tests).
-     */
-    taskStore?: ITaskStore | null;
-    /**
-     * Memory store instance for agent memory persistence. If omitted, a default
-     * JsonMemoryStore is created at `dataDir`. Pass null to disable memory
-     * persistence (useful in tests).
-     */
-    memoryStore?: IMemoryStore | null;
-    /**
-     * Root data directory for task attachment binaries. Defaults to the same
-     * `~/.harness/data` directory used by the stores. Override in tests.
-     */
-    attachmentsDataDir?: string;
-    /**
-     * Root data directory for the default stores (when `store` / `taskStore`
-     * / `memoryStore` are not supplied). When omitted, computed from `port`
-     * via `defaultDataDir(port)`. Set explicitly to point all stores at a
-     * non-default location (useful for tests or migration).
-     */
-    dataDir?: string;
-    /**
-     * Optional friendly label surfaced in the startup banner and (later) the
-     * dashboard title. Purely cosmetic — has no effect on data isolation,
-     * routing, or auth. Identity is always the listening port.
-     */
-    label?: string;
-    /**
-     * Automatic retention policy enforcement.
-     *
-     * Without this, manual `session.purge` MCP calls are the only thing that
-     * trims the on-disk store — so a long-running daemon will eventually fill
-     * the user's disk. Default: run `store.purge()` once shortly after start
-     * and every hour thereafter. Set `enabled: false` for tests / one-shot runs.
-     */
-    autoPurge?: {
-        enabled?: boolean;
-        /** Period between purges in ms. Default 1 hour. */
-        intervalMs?: number;
-        /** Override the retention policy. Default uses store's built-in defaults. */
-        policy?: RetentionPolicy;
-        /** Skip the startup purge (still runs the periodic timer). Default false. */
-        skipInitial?: boolean;
-    };
-}
-export type EventListener = (event: EventFrame, session: PeerSession) => void;
-export declare class Bridge implements IBridge {
-    readonly router: SessionRouter;
-    readonly store: IStore | null;
-    readonly taskStore: ITaskStore | null;
-    readonly memoryStore: IMemoryStore;
-    private wss?;
-    private httpServer?;
-    /**
-     * Optional HTTP handler invoked for non-WebSocket requests. Set via
-     * `setHttpHandler()`. Allows higher layers (e.g. replay viewer) to serve
-     * routes on the same port as the WS bridge without coupling Bridge to them.
-     */
-    private httpHandler?;
-    private sockets;
-    private pending;
-    private eventListeners;
-    private tasks;
-    private opts;
-    private auth;
-    /** Browser-consent policy pushed to runtime clients in hello.ack (4.0 · P2). */
-    private readonly consentPolicy;
-    private publicHostOverride;
-    private readonly attachDataDir;
-    private autoPurgeOpts;
-    /** Set by start() when auto-purge is enabled; cleared by stop(). */
-    private autoPurgeTimer?;
-    /**
-     * Map from connectionId → buildId (for build-plugin connections)
-     * or sessionId (for runtime-client connections).
-     */
-    private connToStoreId;
-    /** Caller identity per connection (4.0 · P1). Resolved at WS upgrade. */
-    private connToPrincipal;
-    /**
-     * Identity attributed to MCP-driven writes (task claim/resolve). The MCP
-     * tool layer is a daemon-wide singleton today with no per-call caller
-     * context, so stdio/HTTP agents collapse to one principal. P4 (per-session
-     * MCP transport) replaces this with the real per-call principal.
-     */
-    private readonly defaultPrincipal;
-    /** Connections that already logged a "no store session" warning. */
-    private warnedNoSession;
-    /**
-     * Grace period timers: projectId → timer handle.
-     * When a build plugin disconnects, a 30-second timer is started.
-     * If the same project reconnects within that window, the timer is cancelled.
-     */
-    private graceTimers;
-    /**
-     * Pending build end info: projectId → { buildId, closedAt }.
-     * Tracks builds waiting for the grace period to expire.
-     */
-    private pendingEndBuild;
-    /**
-     * Dashboard SPA subscribers — connections that sent `hello` with
-     * role: 'dashboard-client'. Receive `dashboard.update` frames whenever
-     * session state changes; never receive commands and never send events.
-     */
-    private dashboardSubscribers;
-    /** Debounce per-session 'session.update' broadcasts so chatty rrweb chunks don't spam subscribers. */
-    private dashboardDebounceTimers;
-    /** Optional friendly label (HARNESS_FE_LABEL). Cosmetic only. */
-    readonly label: string | undefined;
-    constructor(opts?: BridgeOptions);
-    /**
-     * Returns the memory store instance for use by mcp.ts and other callers.
-     */
-    getMemoryStore(): IMemoryStore;
-    private loadTasks;
-    private persistTasks;
-    /**
-     * Load tasks for a specific project from the task store into the in-memory map.
-     * Called when a project connects so its tasks are available immediately.
-     */
-    private loadTasksForProject;
-    private taskDedupKey;
-    /**
-     * Register an HTTP request handler that runs for non-WebSocket requests on
-     * the same port. Only one handler is supported; later calls replace prior
-     * ones. WS upgrades bypass this handler.
-     */
-    setHttpHandler(handler: (req: IncomingMessage, res: ServerResponse) => void | Promise<void>): void;
-    /**
-     * Insert a handler that runs *before* the main HTTP handler. Return `true`
-     * if the request was consumed (no further processing); return `false` to
-     * fall through to the existing handler. Allows mcpHttp.ts to mount on
-     * `/mcp` without owning the whole HTTP surface.
-     */
-    prependHttpHandler(handler: (req: IncomingMessage, res: ServerResponse) => Promise<boolean> | boolean): void;
-    start(): Promise<void>;
-    stop(): Promise<void>;
-    /**
-     * Run `store.purge()` defensively. Errors are logged but never bubble out
-     * — the daemon must continue serving even if disk is full or files are
-     * locked.
-     */
-    private runAutoPurge;
-    /** Expose the bound port (useful when port:0 was passed for tests). */
-    getBoundPort(): number | undefined;
-    getViewerBaseUrl(): string | undefined;
-    getAuthToken(): string | undefined;
-    /** Daemon auth options — used by the MCP layer to identify the per-call principal (4.0 · P4). */
-    getAuthOptions(): AuthOptions;
-    /**
-     * Broadcast a `dashboard.update` frame to every subscribed dashboard SPA.
-     *
-     * `kind: 'session.update'` is debounced per-sessionId (200ms) so chatty
-     * rrweb chunk appends don't spam every subscriber. Other kinds fire
-     * immediately because they represent rare state transitions (new
-     * session, session closed, export created).
-     */
-    notifyDashboard(payload: {
-        kind: 'session.new' | 'session.update' | 'session.closed' | 'project.update' | 'export.new';
-        sessionId?: string;
-        projectId?: string;
-    }): void;
-    private flushDashboardUpdate;
-    /**
-     * Host string used when handing out URLs that other machines need to
-     * reach. Loopback binds keep the literal address; wildcard binds
-     * (0.0.0.0 / ::) prefer the first non-internal IPv4. Explicit
-     * `publicHost` always wins.
-     */
-    private getPublicHost;
-    onEvent(listener: EventListener): () => void;
-    /**
-     * Handle an HTTP-batch POST /events request (Edge Runtime path).
-     *
-     * Stateless: each call is a self-contained hello+events sequence.
-     * The hello is used to register the peer (or look up the existing session)
-     * and the events are persisted to the session timeline — same paths as the
-     * WS handler.
-     */
-    handleHttpBatch(hello: HttpBatch['hello'], events: HttpBatch['events']): void;
-    listTabs(): Promise<TabInfo[]>;
-    listTasks(filter?: {
-        status?: TaskStatus | 'all';
-        limit?: number;
-    }): Promise<Task[]>;
-    claimTask(id: string, principal?: Principal): Promise<Task | undefined>;
-    getTaskAttachmentData(taskId: string, attachmentId: string): Promise<string | null>;
-    resolveTask(id: string, note?: string, principal?: Principal): Promise<Task | undefined>;
-    private persistTaskEvent;
-    private recordTask;
-    /**
-     * Write attachment data to disk and return persisted pointer objects.
-     * Drops attachments if the total decoded size exceeds 4 MB.
-     */
-    private writeTaskAttachments;
-    /**
-     * Read an attachment from disk for a given task.
-     * Returns the base64 data if found, null otherwise.
-     */
-    readTaskAttachment(projectId: string, taskId: string, attachmentId: string): string | null;
-    /**
-     * Send a command to a specific tab and await its response.
-     * `tabId` falls back to the most-recent active tab if omitted.
-     */
-    sendCommand(command: string, args: unknown, opts?: SendCommandOptions): Promise<unknown>;
-    /**
-     * Returns true if there is an active build for the given projectId.
-     * Checks both in-memory grace period builds and the store.
-     */
-    private hasActiveBuild;
-    private onConnection;
-    private handleFrame;
-    /**
-     * Runtime → daemon query dispatcher (0.5+). Whitelisted methods only.
-     * Owner check: tasks.update / tasks.get / tasks.delete refuse to touch
-     * tasks whose `visitorId` doesn't match the caller's `peer.visitorId`.
-     */
-    private handleQuery;
-    private handleMcpCall;
-    private invokeMcpMethod;
-}