@meetless/mla 0.1.4

package/dist/commands/mcp-supervisor.js

@@ -0,0 +1,93 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MCP_RESTART_WINDOW_MS = exports.MCP_RESTART_MAX = void 0;
+exports.runMcpSupervisor = runMcpSupervisor;
+const child_process_1 = require("child_process");
+const mcp_restart_1 = require("../lib/mcp-restart");
+const orphan_guard_1 = require("../lib/orphan-guard");
+// The supervising parent for `mla mcp` (see lib/mcp-restart.ts for the why).
+// This process is intentionally dumb: it holds the client's stdio pipe open and
+// keeps a single `mla mcp --child` worker alive under it. The worker serves the
+// MCP protocol; when it detects a newer build on disk and goes idle it exits
+// with MCP_RESTART_EXIT_CODE, and we respawn it on the fresh dist. Because the
+// parent never closes fd 0/1, the MCP client never sees a disconnect across a
+// reload. Every other worker exit (0 clean disconnect via stdin EOF, 1/2 error)
+// is final and we propagate it.
+// Storm cap: tolerate this many reloads inside the window before giving up, so a
+// pathological loop (e.g. a build-info `builtAt` that is perpetually "newer" due
+// to clock skew) degrades to the old manual-restart behaviour instead of
+// respawning without bound. Legitimate dev rebuilds are far rarer than this.
+exports.MCP_RESTART_MAX = 5;
+exports.MCP_RESTART_WINDOW_MS = 60_000;
+// Re-spawn the SAME mla binary as `mla mcp --child`, inheriting our stdio so the
+// worker reads/writes the exact pipe the client connected to us on. process.exit
+// in the worker (the reload signal) closes only the worker's dup'd fds; ours stay
+// open, so the client's connection survives the swap. `onChild` is handed a
+// killer so the supervisor can SIGTERM this worker if the supervisor itself is
+// told to stop (otherwise a TERM to the supervisor would orphan the worker).
+function defaultSpawnChild(childArgv, onChild) {
+    return new Promise((resolve) => {
+        const child = (0, child_process_1.spawn)(process.execPath, [process.argv[1], "mcp", "--child", ...childArgv], { stdio: "inherit", env: process.env });
+        onChild?.(() => {
+            try {
+                child.kill("SIGTERM");
+            }
+            catch {
+                // already gone; nothing to reap.
+            }
+        });
+        child.on("exit", (code, signal) => resolve(typeof code === "number" ? code : signal ? 1 : 0));
+        child.on("error", () => resolve(1));
+    });
+}
+// Wire the supervisor's own teardown to the current worker by delegating to the
+// SAME guard the worker uses (lib/orphan-guard.ts), so the supervisor gets both
+// backstops, not just signal handling:
+//   - SIGTERM/SIGINT/SIGHUP: kill the worker first (onTerminate), then exit 143
+//     (the standard "terminated by SIGTERM" code) so the chain collapses cleanly
+//     instead of leaving the worker blocked on a stdin whose EOF never comes.
+//   - parent-death watchdog: if the supervisor is orphaned (ppid -> 1) while its
+//     worker is still alive beneath it, the worker's ppid is the still-running
+//     supervisor (NOT 1), so the worker's own watchdog never fires. The
+//     supervisor's does: it kills the worker (onTerminate) and exits 0. That
+//     orphaned-supervisor case was the MAJORITY of the measured leak (148 vs 61
+//     workers), so the watchdog has to live here too, not just at the leaf.
+// The 'exit' listener is a belt-and-suspenders reap for any OTHER exit path (the
+// guard wires only signals + the watchdog); kill is synchronous, so it is safe
+// to call from inside an 'exit' handler.
+function defaultInstallTeardown(killCurrent) {
+    (0, orphan_guard_1.installOrphanGuard)({ onTerminate: killCurrent, signalExitCode: 143 });
+    process.on("exit", () => killCurrent());
+}
+async function runMcpSupervisor(argv, deps = {}) {
+    const spawnChild = deps.spawnChild ?? defaultSpawnChild;
+    const errorLog = deps.errorLog ?? ((m) => console.error(m));
+    const now = deps.now ?? Date.now;
+    const installTeardown = deps.installTeardown ?? defaultInstallTeardown;
+    // The killer for whichever worker is live right now. Reset to a no-op the
+    // instant a worker exits, so a signal that races the worker's death (or the
+    // gap between reload-respawns) never double-kills or targets a dead pid. The
+    // teardown handlers below close over this slot, not over any one worker.
+    let killCurrentChild = () => { };
+    installTeardown(() => killCurrentChild());
+    const restarts = [];
+    for (;;) {
+        const code = await spawnChild(argv, (kill) => {
+            killCurrentChild = kill;
+        });
+        killCurrentChild = () => { };
+        if (code !== mcp_restart_1.MCP_RESTART_EXIT_CODE)
+            return code;
+        const t = now();
+        restarts.push(t);
+        const recent = restarts.filter((ts) => t - ts < exports.MCP_RESTART_WINDOW_MS);
+        if (recent.length > exports.MCP_RESTART_MAX) {
+            errorLog(`Meetless MCP: ${recent.length} reloads within ` +
+                `${Math.round(exports.MCP_RESTART_WINDOW_MS / 1000)}s; giving up to avoid a ` +
+                `restart storm. Restart your editor to recover.`);
+            return code;
+        }
+        errorLog("Meetless MCP: a newer build is on disk; reloading the server " +
+            "(no editor restart needed).");
+    }
+}

package/dist/commands/mcp.js

@@ -0,0 +1,227 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runMcp = runMcp;
+const path = __importStar(require("path"));
+const config_1 = require("../lib/config");
+const workspace_1 = require("../lib/workspace");
+const mcp_fetchers_1 = require("../lib/mcp-fetchers");
+const staleness_1 = require("../lib/staleness");
+const mcp_restart_1 = require("../lib/mcp-restart");
+const orphan_guard_1 = require("../lib/orphan-guard");
+const packaged_1 = require("../lib/packaged");
+// @meetless/mcp is ESM-only; `mla` compiles to CommonJS. It ships as a CJS
+// bundle (scripts/bundle-esm.js -> dist/bundles/mcp.js) so the CLI loads it with
+// a plain require(), which the pkg V8 snapshot supports. A true import() does
+// NOT work inside the snapshot (no ESM dynamic-import callback) and would die
+// with "A dynamic import callback was not specified". The Function constructor
+// below preserves a TRUE runtime import() for the dev fallback only (ts-node
+// `pnpm dev`, no built dist), where tsc must not downlevel it to require() of an
+// ESM package.
+const trueDynamicImport = new Function("u", "return import(u)");
+// dist/commands/mcp.js -> dist -> dist/bundles/mcp.js
+function mcpBundlePath() {
+    return path.resolve(__dirname, "..", "bundles", "mcp.js");
+}
+// Prefer the bundled CJS (require() works in the binary). Fall back to the ESM
+// source via a true import() for dev (ts-node), where no dist/bundles exists.
+// The fallback never runs inside the binary, where a true import() would throw;
+// there a require failure surfaces as-is. Only fall through on a genuine
+// "module not found"; a real load error inside the bundle must surface.
+async function loadAndServe(deps) {
+    let mod;
+    try {
+        mod = require(mcpBundlePath());
+    }
+    catch (e) {
+        if ((0, packaged_1.isPackagedBinary)())
+            throw e;
+        const code = e?.code;
+        if (code !== "MODULE_NOT_FOUND" && code !== "ERR_MODULE_NOT_FOUND")
+            throw e;
+        mod = (await trueDynamicImport("@meetless/mcp"));
+    }
+    return mod.runStdioServer(deps);
+}
+// A spawned MCP server is a daemon: it cannot `cd`, and its launch cwd is
+// whatever the client chose, which may sit outside the activated repo. So
+// `mla mcp` must NOT blindly trust process.cwd() for marker resolution. Derive
+// the start dir from an explicit client signal instead, in priority order:
+//   1. an injected startDir (tests, and a future `mla mcp --dir <path>`),
+//   2. MEETLESS_PROJECT_DIR  (client-agnostic: any MCP client can pin the repo
+//      in its server `env` block),
+//   3. CLAUDE_PROJECT_DIR    (Claude Code sets this to the project root for
+//      every stdio server it spawns, so CC users get zero-config resolution).
+// Falling through to undefined lets resolveWorkspaceContext default to
+// process.cwd(), which is correct for an interactive `mla mcp` launch.
+function resolveStartDir(env, explicit) {
+    return (explicit ?? env.MEETLESS_PROJECT_DIR ?? env.CLAUDE_PROJECT_DIR ?? undefined);
+}
+// notesRoot powers ONLY the INDEX.md canonical matcher, which degrades to
+// retrieval when absent, so an imperfect guess is non-fatal. Honor an explicit
+// override, else derive the standalone notes repo as a sibling of the marker
+// repo (projects/<x>/notes for the dogfood layout).
+function resolveNotesRoot(env, ctx) {
+    if (env.MEETLESS_NOTES_ROOT)
+        return env.MEETLESS_NOTES_ROOT;
+    return path.resolve(ctx.markerDir, "..", "notes");
+}
+function notActivatedStatus() {
+    return {
+        state: "inactive",
+        reason: "not-activated",
+        message: "Meetless is installed but inactive in this repository. No Meetless context is being injected.",
+        action: { command: "mla activate" },
+    };
+}
+function notAuthenticatedStatus() {
+    return {
+        state: "inactive",
+        reason: "not-authenticated",
+        message: "Meetless is not logged in, so it is inactive here. No Meetless context is being injected.",
+        action: { command: "mla login" },
+    };
+}
+function invalidActivationStatus() {
+    return {
+        state: "inactive",
+        reason: "invalid-activation",
+        message: "Meetless activation is incomplete in this repository. Run `mla doctor`, then rerun `mla activate` to repair it.",
+        action: { command: "mla doctor" },
+    };
+}
+// Boot a connected-but-inactive (status-only) server for a KNOWN dormant state.
+// The handshake completes (green in Claude Code), only the status tool is
+// advertised, and no backend is touched. One stderr breadcrumb is written for
+// Claude Code's MCP log so a connected-but-inactive server reads as intentional,
+// not a crash; it is a plain log line, not a TTY branch.
+async function serveInactive(status, startServer, installGuard, err) {
+    err(`meetless mcp: inactive (${status.reason}); run \`${status.action.command}\` to enable.`);
+    installGuard();
+    try {
+        await startServer({ mode: "inactive", status });
+        return 0;
+    }
+    catch (e) {
+        err(`meetless mcp server exited with an error: ${e.message}`);
+        return 1;
+    }
+}
+async function runMcp(argv, deps = {}) {
+    const readCfg = deps.readConfig ?? config_1.readConfig;
+    const resolveWs = deps.resolveWorkspaceContext ?? workspace_1.resolveWorkspaceContext;
+    const makeControlFetch = deps.makeControlFetch ?? mcp_fetchers_1.makeControlFetchFromCli;
+    const makeIntelFetch = deps.makeIntelFetch ?? mcp_fetchers_1.makeIntelFetchFromCli;
+    const makeIntelAsk = deps.makeIntelAsk ?? mcp_fetchers_1.makeIntelAskFromCli;
+    const makeStaleCheck = deps.makeStaleCheck ?? staleness_1.makeMcpStaleCheck;
+    const startServer = deps.startServer ?? loadAndServe;
+    const installGuard = deps.installOrphanGuard ?? orphan_guard_1.installOrphanGuard;
+    const env = deps.env ?? process.env;
+    const err = deps.errorLog ?? ((m) => console.error(m));
+    const exit = deps.exit ?? ((code) => process.exit(code));
+    let cfg;
+    try {
+        cfg = readCfg();
+    }
+    catch (e) {
+        err(e.message);
+        return 2;
+    }
+    // `none` is terminal for credentials but no longer fatal for the server: boot
+    // a status-only server so Claude Code shows a CONNECTED (not red) server that
+    // can explain it needs `mla login`.
+    if (cfg.auth.mode === "none") {
+        return serveInactive(notAuthenticatedStatus(), startServer, installGuard, err);
+    }
+    let ctx;
+    try {
+        ctx = resolveWs(resolveStartDir(env, deps.startDir));
+    }
+    catch (e) {
+        // Known-inactive states: serve a green, status-only server instead of dying
+        // red. Distinguish a missing activation (`mla activate`) from a present but
+        // broken marker (`mla doctor` to repair).
+        if (e instanceof workspace_1.NotActivatedError) {
+            return serveInactive(notActivatedStatus(), startServer, installGuard, err);
+        }
+        if (e instanceof workspace_1.MarkerMissingWorkspaceIdError) {
+            return serveInactive(invalidActivationStatus(), startServer, installGuard, err);
+        }
+        // An unanticipated resolution failure stays fatal (red): we cannot truthfully
+        // describe a state we did not expect.
+        err(e.message);
+        return 2;
+    }
+    const serverDeps = {
+        mode: "active",
+        // Closures bind the SAME cfg object, so http.ts's in-place token rotation
+        // (refreshUserToken) stays visible to every later control / intel call.
+        controlFetch: makeControlFetch(cfg),
+        intelFetch: makeIntelFetch(cfg),
+        intelAsk: makeIntelAsk(cfg),
+        defaultWorkspaceId: ctx.workspaceId,
+        notesRoot: resolveNotesRoot(env, ctx),
+        // Identity is the audited human under user-token; shared-key has none.
+        operatorUserId: cfg.auth.mode === "user-token" ? cfg.auth.user.id : null,
+        agentRuntime: env.MEETLESS_AGENT_RUNTIME || null,
+        // Snapshot the build identity now, at spawn; the probe compares against the
+        // on-disk build on every later tool call.
+        staleCheck: makeStaleCheck(),
+        // Only a supervised child can be respawned, so only it self-heals. A bare /
+        // kill-switched run has no parent to come back to, so it leaves this null and
+        // relies on the inline staleCheck warning instead.
+        onStaleRestart: (0, mcp_restart_1.isMcpChild)(argv, env)
+            ? () => exit(mcp_restart_1.MCP_RESTART_EXIT_CODE)
+            : null,
+    };
+    // Install the worker's death backstops just before serving. The server below
+    // resolves ONLY on stdin EOF; if the client dies without closing the pipe the
+    // process would otherwise block forever (reparented to pid 1). Signal handlers
+    // + a parent-death watchdog reap it. Applies to BOTH the supervised --child
+    // worker and a bare / kill-switched single-process run: in the bare case our
+    // direct parent is the client, so its death also flips ppid to 1 and we exit.
+    installGuard();
+    try {
+        // Long-lived: in production this resolves only when the MCP client
+        // disconnects (stdin EOF). The entrypoint's process.exit therefore fires
+        // after the server is done, never tearing it down mid-session.
+        await startServer(serverDeps);
+        return 0;
+    }
+    catch (e) {
+        err(`meetless mcp server exited with an error: ${e.message}`);
+        return 1;
+    }
+}

package/dist/commands/queue-prune.js

@@ -0,0 +1,98 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runQueuePrune = runQueuePrune;
+const spool_1 = require("../lib/spool");
+function parseArgs(argv) {
+    const out = {
+        yes: false,
+        dryRun: false,
+        flush: true,
+        maxAgeHours: null,
+        session: undefined,
+        error: null,
+    };
+    for (let i = 0; i < argv.length; i++) {
+        const a = argv[i];
+        if (a === "--yes" || a === "-y")
+            out.yes = true;
+        else if (a === "--dry-run")
+            out.dryRun = true;
+        else if (a === "--no-flush")
+            out.flush = false;
+        else if (a === "--max-age-hours") {
+            const v = Number(argv[++i]);
+            if (!Number.isFinite(v) || v < 0) {
+                out.error = `--max-age-hours expects a non-negative number, got: ${argv[i] ?? "(missing)"}`;
+                return out;
+            }
+            out.maxAgeHours = v;
+        }
+        else if (a === "--session") {
+            out.session = argv[++i];
+            if (!out.session) {
+                out.error = "--session expects a session id";
+                return out;
+            }
+        }
+        else {
+            out.error = `Unknown flag: ${a}`;
+            return out;
+        }
+    }
+    return out;
+}
+function fmtBytes(n) {
+    if (n < 1024)
+        return `${n}B`;
+    if (n < 1024 * 1024)
+        return `${(n / 1024).toFixed(1)}K`;
+    return `${(n / (1024 * 1024)).toFixed(1)}M`;
+}
+function fmtAge(sec) {
+    if (sec === null)
+        return "n/a";
+    if (sec < 3600)
+        return `${Math.round(sec / 60)}m`;
+    if (sec < 86_400)
+        return `${(sec / 3600).toFixed(1)}h`;
+    return `${(sec / 86_400).toFixed(1)}d`;
+}
+async function runQueuePrune(argv, opts = {}) {
+    const a = parseArgs(argv);
+    if (a.error) {
+        console.error(a.error);
+        return 2;
+    }
+    const maxAgeSec = a.maxAgeHours != null ? Math.round(a.maxAgeHours * 3600) : undefined;
+    const plan = (0, spool_1.planQueuePrune)({
+        maxAgeSec,
+        sessionId: a.session,
+        queueDir: opts.queueDir,
+        now: opts.now,
+    });
+    if (plan.candidates.length === 0) {
+        console.log(`Nothing to prune (${plan.skippedFresh} session(s) too fresh to be litter).`);
+        return 0;
+    }
+    console.log(`Prune plan: ${plan.candidates.length} dead session(s), ${plan.totalFiles} files, ` +
+        `${plan.totalUnflushedEvents} un-flushed event(s), ${fmtBytes(plan.totalBytes)}, ` +
+        `oldest ${fmtAge(plan.oldestAgeSec)}.`);
+    for (const c of plan.candidates.slice(0, 20)) {
+        console.log(`  ${c.sessionId}  ${c.files.length} files  ${c.unflushedEvents} ev  ${fmtAge(c.ageSec)}`);
+    }
+    if (plan.candidates.length > 20) {
+        console.log(`  ... and ${plan.candidates.length - 20} more`);
+    }
+    if (!a.yes || a.dryRun) {
+        console.log(`\nDry run (no files removed). Re-run with --yes to prune` +
+            (a.flush ? "; un-flushed events are flushed best-effort first" : "") +
+            `.`);
+        return 0;
+    }
+    const res = (0, spool_1.executeQueuePrune)(plan, { hookDir: opts.hookDir, flush: a.flush });
+    console.log(`Pruned ${res.prunedSessions.length} session(s): removed ${res.removedFiles} files` +
+        (res.flushedSessions ? `, flushed ${res.flushedSessions} before prune` : "") +
+        (res.discardedEvents ? `, discarded ${res.discardedEvents} undeliverable event(s)` : "") +
+        `.`);
+    return 0;
+}