@icoretech/warden-mcp 0.1.9 → 0.1.12

package/README.md

@@ -121,7 +121,7 @@ docker run --rm -p 3005:3005 ghcr.io/icoretech/warden-mcp
 ### Global install
 
 ```bash
-npm install -g @icoretech/warden-mcp
+npm install -g @icoretech/warden-mcp@latest
 warden-mcp
 ```
 
@@ -130,7 +130,7 @@ warden-mcp
 For local MCP hosts, stdio is the most portable option.
 
 ```bash
-npx -y @icoretech/warden-mcp --stdio
+npx -y @icoretech/warden-mcp@latest --stdio
 ```
 
 The examples below use Bitwarden API-key auth. If you prefer username/password login, replace `BW_CLIENTID` + `BW_CLIENTSECRET` with `BW_USER`.
@@ -146,10 +146,10 @@ codex mcp add warden \
   --env BW_CLIENTID=user.xxxxx \
   --env BW_CLIENTSECRET=xxxxx \
   --env BW_PASSWORD='your-master-password' \
-  -- npx -y @icoretech/warden-mcp --stdio
+  -- npx -y @icoretech/warden-mcp@latest --stdio
 
 # Claude Code
-claude mcp add-json warden '{"command":"npx","args":["-y","@icoretech/warden-mcp","--stdio"],"env":{"BW_HOST":"https://vaultwarden.example.com","BW_CLIENTID":"user.xxxxx","BW_CLIENTSECRET":"xxxxx","BW_PASSWORD":"your-master-password"}}'
+claude mcp add-json warden '{"command":"npx","args":["-y","@icoretech/warden-mcp@latest","--stdio"],"env":{"BW_HOST":"https://vaultwarden.example.com","BW_CLIENTID":"user.xxxxx","BW_CLIENTSECRET":"xxxxx","BW_PASSWORD":"your-master-password"}}'
 
 # Qwen Code
 qwen mcp add warden \
@@ -157,7 +157,7 @@ qwen mcp add warden \
   -e BW_CLIENTID=user.xxxxx \
   -e BW_CLIENTSECRET=xxxxx \
   -e BW_PASSWORD=your-master-password \
-  npx -y @icoretech/warden-mcp --stdio
+  npx -y @icoretech/warden-mcp@latest --stdio
 ```
 
 ### JSON config hosts

package/bin/warden-mcp.js

@@ -3,9 +3,9 @@
 // bin/warden-mcp.js — CLI entry for @icoretech/warden-mcp
 
 import { spawnSync } from 'node:child_process';
-import { accessSync, constants, existsSync } from 'node:fs';
+import { accessSync, constants, existsSync, readFileSync } from 'node:fs';
 import { createRequire } from 'node:module';
-import { dirname, join, resolve } from 'node:path';
+import { dirname, resolve } from 'node:path';
 import { fileURLToPath } from 'node:url';
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
@@ -14,12 +14,12 @@ const __dirname = dirname(fileURLToPath(import.meta.url));
 if (!process.env.BW_BIN) {
   try {
     const require = createRequire(import.meta.url);
-    // @bitwarden/cli installs the binary at <pkg>/dist/bw (the npm bin shim
-    // lives at node_modules/.bin/bw, but we resolve to the actual package).
+    const { resolveBundledBwCandidate } = await import(
+      resolve(__dirname, '../dist/bw/resolveBwBin.js')
+    );
     const pkgManifest = require.resolve('@bitwarden/cli/package.json');
-    const pkgDir = dirname(pkgManifest);
-    // The CLI binary is published as `bw` (no extension) inside the package.
-    const candidate = join(pkgDir, 'dist', 'bw');
+    const pkgJson = JSON.parse(readFileSync(pkgManifest, 'utf8'));
+    const candidate = resolveBundledBwCandidate(pkgManifest, pkgJson.bin);
     if (existsSync(candidate)) {
       try {
         accessSync(candidate, constants.X_OK);

package/dist/bw/bwCli.js

@@ -16,9 +16,10 @@ export async function runBw(args, opts = {}) {
     const bwBin = process.env.BW_BIN ?? 'bw';
     // Ensure the CLI never blocks waiting for a prompt (e.g. master password).
     // This is critical for running as an MCP server / in test automation.
-    const finalArgs = args.includes('--nointeraction')
-        ? args
-        : ['--nointeraction', ...args];
+    const injectNoInteraction = opts.noInteraction ?? true;
+    const finalArgs = injectNoInteraction && !args.includes('--nointeraction')
+        ? ['--nointeraction', ...args]
+        : args;
     const env = { ...process.env, ...(opts.env ?? {}) };
     const debug = (process.env.KEYCHAIN_DEBUG_BW ?? 'false').toLowerCase() === 'true';
     const startedAt = Date.now();

package/dist/bw/bwSession.js

@@ -169,7 +169,7 @@ export class BwSessionManager {
         });
         const tryUnlock = async () => {
             try {
-                const { stdout } = await runBw(['unlock', '--passwordenv', 'BW_PASSWORD', '--raw'], { env: unlockEnv, timeoutMs: 60_000 });
+                const { stdout } = await runBw(['unlock', '--passwordenv', 'BW_PASSWORD', '--raw'], { env: unlockEnv, timeoutMs: 60_000, noInteraction: false });
                 return stdout.trim();
             }
             catch {
@@ -186,6 +186,7 @@ export class BwSessionManager {
                             BW_HOST: this.env.host,
                         }),
                         timeoutMs: 60_000,
+                        noInteraction: false,
                     });
                     return stdout.trim();
                 }
@@ -195,7 +196,7 @@ export class BwSessionManager {
                     '--passwordenv',
                     'BW_PASSWORD',
                     '--raw',
-                ], { env: unlockEnv, timeoutMs: 60_000 });
+                ], { env: unlockEnv, timeoutMs: 60_000, noInteraction: false });
                 return stdout.trim();
             }
             catch {

package/dist/bw/resolveBwBin.js

@@ -0,0 +1,10 @@
+import { dirname, join } from 'node:path';
+export function resolveBundledBwCandidate(pkgManifestPath, pkgBin) {
+    const pkgDir = dirname(pkgManifestPath);
+    const binEntry = typeof pkgBin === 'string'
+        ? pkgBin
+        : typeof pkgBin?.bw === 'string'
+            ? pkgBin.bw
+            : 'dist/bw';
+    return join(pkgDir, binEntry);
+}

package/dist/sdk/usernameGenerator.js

@@ -63,35 +63,34 @@ const CODAS = [
     'ng',
 ];
 function titleCase(s) {
-    if (!s)
-        return s;
-    const first = s.charAt(0);
-    return first.toUpperCase() + s.slice(1);
+    return s.charAt(0).toUpperCase() + s.slice(1);
 }
 function randomWord(opts, deps) {
     // "Word-like" usernames without pulling a large word list dependency.
     // Produces a pronounceable-ish token such as "cravon" or "Plenast7".
-    for (let i = 0; i < 12; i++) {
-        const syllables = 2 + deps.randInt(2); // 2-3
-        let s = '';
-        for (let j = 0; j < syllables; j++) {
-            s += ONSETS[deps.randInt(ONSETS.length)] ?? 'k';
-            s += VOWELS[deps.randInt(VOWELS.length)] ?? 'a';
-            const coda = CODAS[deps.randInt(CODAS.length)] ?? '';
-            // Avoid overly long tokens by preferring empty coda on earlier syllables.
-            s += j === syllables - 1 ? coda : coda.length > 1 ? '' : coda;
+    // With the current arrays, minimum output is 4 chars ("baba") and maximum
+    // is ~14 chars, so the length check always passes on the first iteration.
+    const syllables = 2 + deps.randInt(2); // 2-3
+    let s = '';
+    for (let j = 0; j < syllables; j++) {
+        const onset = ONSETS[deps.randInt(ONSETS.length)];
+        const vowel = VOWELS[deps.randInt(VOWELS.length)];
+        const coda = CODAS[deps.randInt(CODAS.length)];
+        s += onset;
+        s += vowel;
+        // Avoid overly long tokens by preferring empty coda on earlier syllables.
+        if (j === syllables - 1) {
+            s += coda;
+        }
+        else if (coda.length <= 1) {
+            s += coda;
         }
-        if (s.length < 4 || s.length > 18)
-            continue;
-        if (opts.capitalize)
-            s = titleCase(s);
-        if (opts.includeNumber)
-            s += String(deps.randInt(10));
-        return s;
     }
-    // Fallback: still deterministic with deps.randInt in tests.
-    const fallback = `user${deps.randInt(1_000_000)}`;
-    return opts.capitalize ? titleCase(fallback) : fallback;
+    if (opts.capitalize)
+        s = titleCase(s);
+    if (opts.includeNumber)
+        s += String(deps.randInt(10));
+    return s;
 }
 function parseEmail(email) {
     const trimmed = email.trim();
@@ -126,7 +125,7 @@ export function generateUsername(input = {}, deps) {
             throw new Error('email is required for plus_addressed_email');
         }
         const { local, domain } = parseEmail(input.email);
-        const baseLocal = local.split('+')[0] ?? local;
+        const baseLocal = local.split('+')[0];
         return `${baseLocal}+${word}@${domain}`;
     }
     if (type === 'catch_all_email') {
@@ -136,7 +135,6 @@ export function generateUsername(input = {}, deps) {
         const domain = normalizeDomain(input.domain);
         return `${word}@${domain}`;
     }
-    // Exhaustive check.
-    const _never = type;
-    return _never;
+    // Exhaustive check — TypeScript errors here if a new type is added without a handler.
+    throw new Error(`Unsupported username generator type: ${type}`);
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "private": false,
   "name": "@icoretech/warden-mcp",
-  "version": "0.1.9",
+  "version": "0.1.12",
   "type": "module",
   "license": "MIT",
   "description": "Vaultwarden/Bitwarden MCP server backed by Bitwarden CLI (bw).",
@@ -37,6 +37,7 @@
     "build": "tsc -p .",
     "start": "node dist/server.js",
     "test": "npm run build && node --test \"dist/**/*.test.js\"",
+    "test:coverage": "npm run build && node --test --experimental-test-coverage \"dist/**/*.test.js\"",
     "test:integration": "npm run build && node --test --test-timeout=45000 \"dist/integration/**/*.test.js\"",
     "test:session-regression": "node scripts/session-flood-regression.mjs",
     "lint": "biome check --write --assist-enabled=true . && tsc --noEmit"
@@ -47,7 +48,7 @@
     "zod": "^4.3.6"
   },
   "optionalDependencies": {
-    "@bitwarden/cli": "2026.2.0"
+    "@bitwarden/cli": "2026.1.0"
   },
   "devDependencies": {
     "@biomejs/biome": "^2.4.8",