@heuresis/mcp 1.0.0-rc.1

package/dist/cloudTypes.js

@@ -0,0 +1,8 @@
+// Postgres row types — narrow subset duplicated from src/cloud/types.ts so the
+// MCP package builds independently of the main app. Only the rows we actually
+// touch from MCP tools (nodes, edges, projects, project_nodes, workspaces,
+// workspace_memberships, ideas, idea_nodes) are mirrored here. Add more as the
+// 19.4 tool-parity wave expands.
+//
+// Field names are snake_case to match what supabase-js returns.
+export {};

package/dist/credentials.js

@@ -0,0 +1,97 @@
+// Credentials persistence at ~/.heuresis/credentials.json (chmod 600 on POSIX).
+//
+// The shape is intentionally small — supabase-js handles the access-token
+// lifecycle from the refresh token, so all we ever need to write to disk is
+// the refresh token and the project URL/anon key it pairs with.
+//
+// Format:
+//   {
+//     "supabase_url": "https://xyz.supabase.co",
+//     "anon_key":     "ey...",
+//     "refresh_token":"ey...",
+//     "user_id":      "uuid",
+//     "device_name":  "hostname-shortRandom",
+//     "created_at":   "2026-05-21T..."
+//   }
+//
+// Phase 19.3 will move refresh-token issuance behind the `mcp-device-grant`
+// Edge Function and add a `refresh_token_id` column we record server-side.
+// For now (19.1) the shape on disk matches what the user will paste from the
+// browser link.
+import { mkdir, readFile, writeFile, chmod, unlink, stat } from 'node:fs/promises';
+import { existsSync } from 'node:fs';
+import { homedir, hostname } from 'node:os';
+import { dirname, join } from 'node:path';
+import { randomBytes } from 'node:crypto';
+const isWindows = process.platform === 'win32';
+export function credentialsPath() {
+    return join(homedir(), '.heuresis', 'credentials.json');
+}
+export async function readCredentials() {
+    const path = credentialsPath();
+    if (!existsSync(path))
+        return null;
+    try {
+        const text = await readFile(path, 'utf8');
+        const data = JSON.parse(text);
+        if (!data.supabase_url ||
+            !data.anon_key ||
+            !data.refresh_token ||
+            !data.user_id ||
+            !data.device_name ||
+            !data.created_at) {
+            return null;
+        }
+        return data;
+    }
+    catch {
+        return null;
+    }
+}
+export async function writeCredentials(creds) {
+    const path = credentialsPath();
+    await mkdir(dirname(path), { recursive: true });
+    await writeFile(path, JSON.stringify(creds, null, 2), 'utf8');
+    // chmod 600 — owner read/write only. No-op on Windows (NTFS perms are a
+    // different model and the file lives in %USERPROFILE% which is already
+    // user-private by default).
+    if (!isWindows) {
+        try {
+            await chmod(path, 0o600);
+        }
+        catch {
+            // best-effort; don't fail login just because of perm bits.
+        }
+    }
+    return path;
+}
+export async function deleteCredentials() {
+    const path = credentialsPath();
+    if (!existsSync(path))
+        return false;
+    try {
+        await unlink(path);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+export async function credentialsExist() {
+    const path = credentialsPath();
+    if (!existsSync(path))
+        return false;
+    try {
+        const s = await stat(path);
+        return s.isFile();
+    }
+    catch {
+        return false;
+    }
+}
+/** Default device name = `${hostname}-${shortRandom}`. */
+export function defaultDeviceName() {
+    const host = hostname().replace(/[^a-zA-Z0-9_-]/g, '').slice(0, 32) || 'device';
+    const rand = randomBytes(3).toString('hex');
+    return `${host}-${rand}`;
+}

package/dist/index.js

@@ -0,0 +1,294 @@
+#!/usr/bin/env node
+// @heuresis/mcp — Heuresis Model Context Protocol server (v0.2.0-alpha).
+//
+// Two operating modes:
+//
+//   1. CLOUD (default, Phase 19.1+) — when ~/.heuresis/credentials.json
+//      exists, every tool call hits Supabase against the user's session.
+//      Same workspace the webapp sees, same RLS, live reads + writes.
+//
+//   2. LEGACY SNAPSHOT (deprecated, removed after 19.7) — when no
+//      credentials are present AND $HEURESIS_SNAPSHOT is set, fall back
+//      to the v0 read-only file-snapshot behavior. This keeps existing
+//      installs working through the migration.
+//
+// Subcommands (one-shot, never start the MCP server):
+//   login | logout | whoami | --help
+import { existsSync } from 'node:fs';
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { CallToolRequestSchema, ListToolsRequestSchema, } from '@modelcontextprotocol/sdk/types.js';
+import { zodToJsonSchema } from './zod-to-json-schema.js';
+import { HeuresisStore } from './store.js';
+import { getConcept as legacyGetConcept, getConceptInput as legacyGetConceptInput, getProjectGraph as legacyGetProjectGraph, getProjectGraphInput as legacyGetProjectGraphInput, getSubtree as legacyGetSubtree, getSubtreeInput as legacyGetSubtreeInput, getWorkspaceSummary as legacyGetWorkspaceSummary, getWorkspaceSummaryInput as legacyGetWorkspaceSummaryInput, listProjects as legacyListProjects, listProjectsInput as legacyListProjectsInput, listRecentDecisions as legacyListRecentDecisions, listRecentDecisionsInput as legacyListRecentDecisionsInput, searchConcepts as legacySearchConcepts, searchConceptsInput as legacySearchConceptsInput, } from './tools.js';
+import { CLOUD_TOOLS } from './cloudTools.js';
+import { readCredentials } from './credentials.js';
+import { CloudAuthError, getCloudClient } from './cloudClient.js';
+import { helpCommand, loginCommand, logoutCommand, whoamiCommand, } from './cli.js';
+import { readRealtimeFlag, resolveSubscriptionWorkspaceId, startRealtimeSubscription, stripRealtimeFlags, } from './realtime.js';
+const VERSION = '0.2.0-alpha';
+const MAX_RESULT_CHARS = 50_000;
+function makeCloudTools(getClient, operatorTools) {
+    // Lazy: defer the actual auth handshake until the first tool call so the
+    // MCP server boots fast.
+    //
+    // We compose two sources: CLOUD_TOOLS (Phase 19.4 data-layer parity) and
+    // operatorTools (Phase 19.5 LLM-backed operators). Both share the
+    // `CloudToolDef` shape; the only thing this layer adds is the lazy
+    // `getClient()` hop so the handlers in cloudTools.ts can stay client-
+    // agnostic.
+    const merged = [...CLOUD_TOOLS, ...operatorTools];
+    return merged.map((t) => ({
+        name: t.name,
+        description: t.description,
+        inputSchema: t.inputSchema,
+        handler: async (args) => t.handler(await getClient(), args),
+    }));
+}
+function makeLegacySnapshotTools(store) {
+    // LEGACY FALLBACK — removed after 19.7. Read-only, no auth, snapshot file.
+    return [
+        {
+            name: 'get_workspace_summary',
+            description: "(Legacy snapshot mode) Counts of nodes/edges/projects/ideas + a one-line overview of each project and idea. Always start here when you don't know what's in the workspace.",
+            inputSchema: legacyGetWorkspaceSummaryInput,
+            handler: () => legacyGetWorkspaceSummary(store),
+        },
+        {
+            name: 'list_projects',
+            description: '(Legacy snapshot mode) Every project in the snapshot with brief, direction, lifecycle, and member count.',
+            inputSchema: legacyListProjectsInput,
+            handler: () => legacyListProjects(store),
+        },
+        {
+            name: 'search_concepts',
+            description: '(Legacy snapshot mode) Substring search across concept labels, descriptions, tags, and partition attributes.',
+            inputSchema: legacySearchConceptsInput,
+            handler: (args) => legacySearchConcepts(store, legacySearchConceptsInput.parse(args)),
+        },
+        {
+            name: 'get_concept',
+            description: '(Legacy snapshot mode) One concept by id, optionally with ancestry, children, and idea memberships.',
+            inputSchema: legacyGetConceptInput,
+            handler: (args) => legacyGetConcept(store, legacyGetConceptInput.parse(args)),
+        },
+        {
+            name: 'get_subtree',
+            description: '(Legacy snapshot mode) A node and its descendants up to a given depth.',
+            inputSchema: legacyGetSubtreeInput,
+            handler: (args) => legacyGetSubtree(store, legacyGetSubtreeInput.parse(args)),
+        },
+        {
+            name: 'get_project_graph',
+            description: '(Legacy snapshot mode) Every node + edge inside one project. Returns a graph the agent can reason over end-to-end.',
+            inputSchema: legacyGetProjectGraphInput,
+            handler: (args) => legacyGetProjectGraph(store, legacyGetProjectGraphInput.parse(args)),
+        },
+        {
+            name: 'list_recent_decisions',
+            description: '(Legacy snapshot mode) Nodes the user has explicitly resolved (validated, starred, or archived) recently.',
+            inputSchema: legacyListRecentDecisionsInput,
+            handler: (args) => legacyListRecentDecisions(store, legacyListRecentDecisionsInput.parse(args)),
+        },
+    ];
+}
+async function runServer() {
+    const creds = await readCredentials();
+    const snapshotEnv = process.env.HEURESIS_SNAPSHOT;
+    let tools;
+    let modeBanner;
+    if (creds) {
+        // CLOUD mode.
+        const getClient = async () => {
+            try {
+                const { client } = await getCloudClient(creds);
+                return client;
+            }
+            catch (err) {
+                if (err instanceof CloudAuthError) {
+                    throw new Error(err.message);
+                }
+                throw err;
+            }
+        };
+        // Phase 19.5 — try to load Operator tools. The module may not exist
+        // yet at build time (Agent A ships it in a parallel pass); if it's
+        // missing OR exports nothing, we fall back to just the Phase 19.4
+        // parity set. Wrapping the dynamic import in try/catch keeps the
+        // server starting cleanly in either case.
+        let operatorTools = [];
+        try {
+            const mod = (await import('./cloudOperators.js').catch(() => null));
+            if (mod && Array.isArray(mod.OPERATOR_TOOLS)) {
+                operatorTools = mod.OPERATOR_TOOLS;
+            }
+        }
+        catch {
+            operatorTools = [];
+        }
+        tools = makeCloudTools(getClient, operatorTools);
+        modeBanner = `cloud-authenticated (user_id ${creds.user_id}, device ${creds.device_name}; ${tools.length} tools)`;
+    }
+    else if (snapshotEnv || hasDefaultSnapshot()) {
+        // LEGACY snapshot fallback.
+        const store = new HeuresisStore();
+        tools = makeLegacySnapshotTools(store);
+        modeBanner = `legacy snapshot mode (path: ${store.getSnapshotPath()})`;
+    }
+    else {
+        // Neither — print actionable error and exit.
+        console.error([
+            '[heuresis-mcp] Not configured.',
+            '',
+            'To use cloud mode (recommended):',
+            '  npx @heuresis/mcp login',
+            '',
+            'To use legacy snapshot mode (deprecated, removed after 19.7):',
+            '  HEURESIS_SNAPSHOT=/path/to/export.json npx @heuresis/mcp',
+            '',
+            'See https://heuresis.app/mcp for setup details.',
+        ].join('\n'));
+        process.exit(1);
+    }
+    // `resources` + `logging` are declared so the Realtime path (Phase 19.8) can
+    // call `server.sendResourceListChanged()` / `sendLoggingMessage()` without
+    // tripping the SDK's capability assertions. We don't expose any actual
+    // resource handlers, but the notification surface is what the realtime
+    // subscriber needs to ping the client when the workspace changes.
+    const server = new Server({ name: '@heuresis/mcp', version: VERSION }, { capabilities: { tools: {}, resources: { listChanged: true }, logging: {} } });
+    server.setRequestHandler(ListToolsRequestSchema, async () => ({
+        tools: tools.map((t) => ({
+            name: t.name,
+            description: t.description,
+            inputSchema: zodToJsonSchema(t.inputSchema),
+        })),
+    }));
+    server.setRequestHandler(CallToolRequestSchema, async (req) => {
+        const tool = tools.find((t) => t.name === req.params.name);
+        if (!tool) {
+            return {
+                isError: true,
+                content: [
+                    { type: 'text', text: `Unknown tool: ${req.params.name}` },
+                ],
+            };
+        }
+        try {
+            const result = await tool.handler(req.params.arguments ?? {});
+            const text = JSON.stringify(result, null, 2);
+            if (text.length > MAX_RESULT_CHARS) {
+                return {
+                    isError: true,
+                    content: [
+                        {
+                            type: 'text',
+                            text: `Result too large (${text.length} chars, limit ${MAX_RESULT_CHARS}). ` +
+                                `Narrow the query: lower 'limit'/'depth', keep detail='compact', ` +
+                                `or fetch individual nodes with get_concept.`,
+                        },
+                    ],
+                };
+            }
+            return {
+                content: [{ type: 'text', text }],
+            };
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            return {
+                isError: true,
+                content: [{ type: 'text', text: `Error: ${msg}` }],
+            };
+        }
+    });
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+    console.error(`[heuresis-mcp ${VERSION}] ready - ${modeBanner}`);
+    // Phase 19.8 - Supabase Realtime CDC subscription. Cloud mode only; legacy
+    // snapshot mode has no live source to subscribe to.
+    if (creds) {
+        const realtimeOn = await readRealtimeFlag();
+        if (!realtimeOn) {
+            console.error('[heuresis-mcp] realtime: disabled (--no-realtime or config).');
+        }
+        else {
+            // Don't block boot on the realtime handshake; fire-and-forget. If the
+            // client (Supabase) is not reachable, the error surfaces on stderr.
+            void (async () => {
+                try {
+                    const { client } = await getCloudClient(creds);
+                    const wsId = await resolveSubscriptionWorkspaceId(client);
+                    if (!wsId) {
+                        console.error('[heuresis-mcp] realtime: no workspace visible; skipping subscription.');
+                        return;
+                    }
+                    startRealtimeSubscription(client, wsId, (event) => {
+                        if (event.eventType === 'RESYNC') {
+                            console.error('[heuresis-mcp] workspace resync: refetch any cached state.');
+                        }
+                        else if (event.table) {
+                            console.error(`[heuresis-mcp] workspace updated: ${event.table} ${event.eventType}`);
+                        }
+                        // Best-effort MCP notification. Most clients will treat this as a
+                        // hint to refresh. We swallow errors because not every client
+                        // honors the resources capability.
+                        void server.sendResourceListChanged().catch(() => {
+                            /* client does not implement resource updates; stderr log is enough */
+                        });
+                    });
+                }
+                catch (err) {
+                    const msg = err instanceof Error ? err.message : String(err);
+                    console.error(`[heuresis-mcp] realtime: subscription failed: ${msg}`);
+                }
+            })();
+        }
+    }
+}
+function hasDefaultSnapshot() {
+    try {
+        const s = new HeuresisStore();
+        // Only count the default path if it actually exists on disk; we never
+        // want the default-path branch to trigger a "snapshot not found" error
+        // when the user simply hasn't logged in yet.
+        return existsSync(s.getSnapshotPath());
+    }
+    catch {
+        return false;
+    }
+}
+async function main() {
+    // The Realtime flags (`--no-realtime` / `--realtime`) are consumed by the
+    // realtime module via process.argv directly; strip them here so they don't
+    // collide with subcommand dispatch when a user runs e.g.
+    // `npx @heuresis/mcp --no-realtime`.
+    const stripped = stripRealtimeFlags(process.argv.slice(2));
+    const sub = stripped[0];
+    switch (sub) {
+        case undefined:
+            await runServer();
+            return;
+        case 'login':
+            await loginCommand(stripped.slice(1));
+            return;
+        case 'logout':
+            await logoutCommand();
+            return;
+        case 'whoami':
+            await whoamiCommand();
+            return;
+        case '-h':
+        case '--help':
+        case 'help':
+            helpCommand();
+            return;
+        default:
+            console.error(`Unknown subcommand: ${sub}`);
+            helpCommand();
+            process.exit(2);
+    }
+}
+main().catch((err) => {
+    console.error('[heuresis-mcp] fatal:', err);
+    process.exit(1);
+});

package/dist/llm/client.js

@@ -0,0 +1,155 @@
+// LLM client — server-side analogue of `src/llm/client.ts`. Same four
+// providers (Anthropic, OpenAI, OpenRouter, Google), same defaults, but
+// streaming is collapsed into a single response since MCP tool calls return
+// a single payload anyway. No `dangerouslyAllowBrowser` because we're in
+// Node — the SDKs work natively here.
+//
+// Key resolution: the caller passes the key already resolved (via the
+// `get_my_provider_key` RPC in cloudOperators.ts) — this file never reads
+// from disk or the cloud directly. That keeps the trust boundary at one
+// place (the RPC + the resolver in cloudOperators.ts).
+import Anthropic from '@anthropic-ai/sdk';
+import OpenAI from 'openai';
+import { GoogleGenerativeAI } from '@google/generative-ai';
+const ANTHROPIC_DEFAULT = 'claude-sonnet-4-5-20250929';
+const OPENAI_DEFAULT = 'gpt-4o-mini';
+const OPENROUTER_DEFAULT = 'anthropic/claude-3.5-sonnet';
+const GOOGLE_DEFAULT = 'gemini-2.5-flash';
+export function defaultModelFor(provider) {
+    switch (provider) {
+        case 'anthropic':
+            return ANTHROPIC_DEFAULT;
+        case 'openai':
+            return OPENAI_DEFAULT;
+        case 'openrouter':
+            return OPENROUTER_DEFAULT;
+        case 'google':
+            return GOOGLE_DEFAULT;
+    }
+}
+export async function runLlm(config, input) {
+    if (!config.apiKey) {
+        throw new Error(`No API key provided for ${config.provider}. Resolve a key via get_my_provider_key first.`);
+    }
+    const maxTokens = input.maxTokens ?? 4096;
+    const temperature = input.temperature ?? 0.7;
+    switch (config.provider) {
+        case 'anthropic':
+            return callAnthropic(config, input, maxTokens, temperature);
+        case 'openai':
+            return callOpenAI(config, input, maxTokens, temperature);
+        case 'openrouter':
+            return callOpenRouter(config, input, maxTokens, temperature);
+        case 'google':
+            return callGoogle(config, input, maxTokens, temperature);
+    }
+}
+async function callAnthropic(config, input, maxTokens, temperature) {
+    const client = new Anthropic({ apiKey: config.apiKey });
+    // Mirror the webapp's prompt-caching strategy: when a stable systemPrefix
+    // is supplied, mark it as ephemeral-cacheable so repeated operator runs
+    // against the same doctrine block re-use the prompt cache.
+    const system = input.systemPrefix
+        ? [
+            {
+                type: 'text',
+                text: input.systemPrefix,
+                cache_control: { type: 'ephemeral' },
+            },
+        ]
+        : undefined;
+    const res = await client.messages.create({
+        model: config.model || ANTHROPIC_DEFAULT,
+        max_tokens: maxTokens,
+        temperature,
+        system,
+        messages: [{ role: 'user', content: input.prompt }],
+    });
+    const text = res.content
+        .map((b) => (b.type === 'text' ? b.text : ''))
+        .join('')
+        .trim();
+    return {
+        text,
+        stopReason: res.stop_reason ?? undefined,
+        usage: {
+            inputTokens: res.usage?.input_tokens,
+            outputTokens: res.usage?.output_tokens,
+        },
+    };
+}
+async function callOpenAI(config, input, maxTokens, temperature) {
+    const client = new OpenAI({ apiKey: config.apiKey });
+    const messages = [];
+    if (input.systemPrefix)
+        messages.push({ role: 'system', content: input.systemPrefix });
+    messages.push({ role: 'user', content: input.prompt });
+    const res = await client.chat.completions.create({
+        model: config.model || OPENAI_DEFAULT,
+        max_tokens: maxTokens,
+        temperature,
+        messages,
+        response_format: { type: 'json_object' },
+    });
+    const text = (res.choices[0]?.message?.content ?? '').trim();
+    return {
+        text,
+        stopReason: res.choices[0]?.finish_reason ?? undefined,
+        usage: {
+            inputTokens: res.usage?.prompt_tokens,
+            outputTokens: res.usage?.completion_tokens,
+        },
+    };
+}
+async function callOpenRouter(config, input, maxTokens, temperature) {
+    const client = new OpenAI({
+        apiKey: config.apiKey,
+        baseURL: 'https://openrouter.ai/api/v1',
+        defaultHeaders: {
+            'HTTP-Referer': 'https://heuresis.app',
+            'X-Title': 'Heuresis MCP',
+        },
+    });
+    const messages = [];
+    if (input.systemPrefix)
+        messages.push({ role: 'system', content: input.systemPrefix });
+    messages.push({ role: 'user', content: input.prompt });
+    const res = await client.chat.completions.create({
+        model: config.model || OPENROUTER_DEFAULT,
+        max_tokens: maxTokens,
+        temperature,
+        messages,
+    });
+    const text = (res.choices[0]?.message?.content ?? '').trim();
+    return {
+        text,
+        stopReason: res.choices[0]?.finish_reason ?? undefined,
+        usage: {
+            inputTokens: res.usage?.prompt_tokens,
+            outputTokens: res.usage?.completion_tokens,
+        },
+    };
+}
+async function callGoogle(config, input, maxTokens, temperature) {
+    const genAI = new GoogleGenerativeAI(config.apiKey);
+    const model = genAI.getGenerativeModel({
+        model: config.model || GOOGLE_DEFAULT,
+        systemInstruction: input.systemPrefix,
+        generationConfig: {
+            temperature,
+            maxOutputTokens: maxTokens,
+            responseMimeType: 'application/json',
+        },
+    });
+    const res = await model.generateContent(input.prompt);
+    const text = res.response.text().trim();
+    const candidate = res.response.candidates?.[0];
+    const meta = res.response.usageMetadata;
+    return {
+        text,
+        stopReason: candidate?.finishReason ?? undefined,
+        usage: meta
+            ? { inputTokens: meta.promptTokenCount, outputTokens: meta.candidatesTokenCount }
+            : undefined,
+    };
+}

package/dist/llm/cost.js

@@ -0,0 +1,65 @@
+// Cost-preview helper — derives an estimated credit cost for an operator run
+// from the rate card in `docs/credits.md` §2. Informational only; no actual
+// billing happens because operator runs use BYO-key (the cost goes against
+// the user's own provider account).
+//
+// One credit = $0.01 USD at retail. The rate card splits models into three
+// classes and applies a flat 1.5× markup. We pick the class by string match
+// on the model id — slightly fragile, but the alternative is to keep the
+// MCP in lockstep with a server-side card. Both numbers tend back to "1
+// credit for cheap, 3-4 for mid, 13-14 for top" so rough is fine.
+//
+// Token estimate for the prompt is `ceil(chars / 4)` (English heuristic).
+// Output is assumed to mirror the operator-JSON envelope: ~1500 tokens for
+// the canonical 3-5-partition response.
+const RATES = {
+    haiku: { inputCentsPer1K: 0.025, outputCentsPer1K: 0.125 },
+    sonnet: { inputCentsPer1K: 0.45, outputCentsPer1K: 2.25 },
+    opus: { inputCentsPer1K: 2.25, outputCentsPer1K: 11.25 },
+    // Unknown model: assume sonnet-class so the preview doesn't undersell.
+    unknown: { inputCentsPer1K: 0.45, outputCentsPer1K: 2.25 },
+};
+const MARKUP = 1.5;
+function classifyModel(provider, model) {
+    const m = (model || '').toLowerCase();
+    if (provider === 'anthropic' || provider === 'openrouter') {
+        if (m.includes('opus'))
+            return 'opus';
+        if (m.includes('sonnet'))
+            return 'sonnet';
+        if (m.includes('haiku'))
+            return 'haiku';
+    }
+    if (provider === 'openai') {
+        if (m.includes('mini') || m.includes('nano'))
+            return 'haiku';
+        if (m.includes('gpt-4o') || m.includes('gpt-4.1'))
+            return 'sonnet';
+        if (m.includes('o1') || m.includes('o3'))
+            return 'opus';
+    }
+    if (provider === 'google') {
+        if (m.includes('flash'))
+            return 'haiku';
+        if (m.includes('pro'))
+            return 'sonnet';
+    }
+    return 'unknown';
+}
+export function estimateCost(args) {
+    const cls = classifyModel(args.provider, args.model);
+    const rate = RATES[cls];
+    const inputTokens = Math.ceil(args.promptChars / 4);
+    const outputTokens = args.expectedOutputTokens ?? 1500;
+    const cents = ((inputTokens / 1000) * rate.inputCentsPer1K +
+        (outputTokens / 1000) * rate.outputCentsPer1K) *
+        MARKUP;
+    const credits = Math.max(1, Math.ceil(cents));
+    return {
+        credits,
+        dollars: Math.round(credits) / 100,
+        modelClass: cls,
+        inputTokensEst: inputTokens,
+        outputTokensEst: outputTokens,
+    };
+}

package/dist/operators/asit.js

@@ -0,0 +1,50 @@
+// ASIT family — verbatim duplicate of src/operators/asit.ts so the MCP
+// package builds independently of the main app. Keep in sync by hand if the
+// webapp tweaks any doctrine or promptFragment text.
+export const ASIT_OPERATORS = [
+    {
+        family: 'ASIT',
+        key: 'unification',
+        name: 'Unification',
+        glyph: '⊕',
+        oneLiner: 'One element, two roles.',
+        doctrine: 'Unification (Task Unification): keep the components of the system and the closed world fixed; let one of those components also perform an additional, unrelated task. Example: a phone screen also serves as a mirror.',
+        promptFragment: 'Apply the ASIT operator UNIFICATION (Task Unification): keep the existing components of the system fixed, and propose 3–5 partitions in which an EXISTING component is given an additional, previously-unrelated task. Do not introduce foreign components. Each partition should specify which component takes the new task and what that task is.',
+    },
+    {
+        family: 'ASIT',
+        key: 'multiplication',
+        name: 'Multiplication',
+        glyph: '×',
+        oneLiner: 'Add a copy with a small variation.',
+        doctrine: 'Multiplication: take an existing component and add a copy of it that differs in at least one property (size, position, timing, sensitivity). Closed-world: do not import alien parts.',
+        promptFragment: 'Apply the ASIT operator MULTIPLICATION: propose 3–5 partitions, each adding a near-copy of an EXISTING component but with at least one altered property (size, count, timing, location, sensitivity). State which component is duplicated and which property is altered.',
+    },
+    {
+        family: 'ASIT',
+        key: 'division',
+        name: 'Division',
+        glyph: '÷',
+        oneLiner: 'Split one element into independent parts.',
+        doctrine: 'Division: divide an existing component into parts and rearrange them. Splits can be physical (space), temporal (time), or functional (by attribute/condition).',
+        promptFragment: 'Apply the ASIT operator DIVISION: propose 3–5 partitions in which an EXISTING component is divided along space, time, or condition, and the parts are reorganised. State which component is divided and along which axis.',
+    },
+    {
+        family: 'ASIT',
+        key: 'object_removal',
+        name: 'Object Removal',
+        glyph: '⊖',
+        oneLiner: 'Eliminate, then redistribute the role.',
+        doctrine: 'Object Removal (Subtraction): remove a component that seems essential. The remaining system must achieve the goal — often by reassigning that role to another component (forces unification).',
+        promptFragment: 'Apply the ASIT operator OBJECT REMOVAL: propose 3–5 partitions, each removing one component that currently seems essential. For each, state which component is removed and how the remaining system still achieves the goal.',
+    },
+    {
+        family: 'ASIT',
+        key: 'breaking_symmetry',
+        name: 'Breaking Symmetry',
+        glyph: '⤧',
+        oneLiner: 'Replace a uniform property with a gradient.',
+        doctrine: 'Breaking Symmetry: take a property that is currently uniform across the system (in space, time, users, or conditions) and make it vary as a function of one of those variables.',
+        promptFragment: 'Apply the ASIT operator BREAKING SYMMETRY: propose 3–5 partitions, each turning a currently-uniform property of the system into one that varies with a contextual variable (location, time, user, condition). State the property and the variable it now depends on.',
+    },
+];