@meetless/mla 0.1.4

package/dist/lib/identity-envelope.js

@@ -0,0 +1,23 @@
+"use strict";
+// tools/meetless-agent/src/lib/identity-envelope.ts
+// Canonical identity-envelope contract for Zone 1 (Active Review). The bash
+// PostToolUse hook computes the same fields; these helpers define the one true
+// shape so the TS reader and the bash writer cannot drift. See
+// notes/20260604-auto-propose-produced-docs-to-kb.md (identity envelope, dedup key).
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.scopeKey = scopeKey;
+exports.dedupIdentity = dedupIdentity;
+// Owner-scoped partition key. Active Review dedup and TTL are evaluated WITHIN a
+// scope, which is what makes cross-owner isolation (test 32) hold even though the
+// dedup tuple below names content, not owner.
+function scopeKey(e) {
+    return `${e.workspaceId}|${e.repoRootHash}|${e.ownerUserId}`;
+}
+// Full dedup identity. Spec lists the dedup tuple as
+// workspaceId+repoRootHash+canonicalPath+contentHash+kind; we prefix it with the
+// owner-scoped partition so identical content under two owners (test 32) or two
+// repos (test 5) never collapses. This is the explicit resolution of the spec's
+// dedup-key vs scope-key ambiguity: dedup is partitioned by scope.
+function dedupIdentity(e) {
+    return [scopeKey(e), e.canonicalPath, e.contentHash, e.kind].join("|");
+}

package/dist/lib/kb-candidate.js

@@ -0,0 +1,65 @@
+"use strict";
+// Shared types + the mechanical-validity classifier for the B5 agent-proxy review
+// commands (`mla kb pending`, `mla kb review`). See
+// notes/20260603-mla-kb-agent-proxy-and-evidence-adoption.md §3 (B5) and P2.
+//
+// The classifier is the enforcement point of the P2 reject-only auto-resolution
+// policy: an automated proxy (`mla kb review --agent`) may auto-REJECT a candidate
+// ONLY when this returns autoRejectable, and may never auto-accept anything. So
+// this gate must be conservative to the point of paranoia: a FALSE POSITIVE here
+// discards a real edge (the exact "poison" the doc warns against), whereas a false
+// negative merely routes the candidate to a human. We therefore implement only the
+// mechanical conditions that are decidable from the candidate row alone with zero
+// ambiguity, and deliberately SKIP the conditions that need server round-trips or
+// the relation-type registry (deleted-doc, duplicate-of-accepted-LIVE-edge,
+// invalid-relation-type, non-LIVE-revision). Those are surfaced to a human instead.
+// The CLI also intentionally does not depend on @meetless/utils, so coupling the
+// gate to RELATION_TYPE_REGISTRY (and risking false rejects on registry drift) is
+// off the table by construction.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AUTO_REJECT_CONFIDENCE_FLOOR = void 0;
+exports.classifyMechanicalInvalidity = classifyMechanicalInvalidity;
+exports.candidateConsoleUrl = candidateConsoleUrl;
+// Confidence below this floor, combined with no supporting quote, marks a candidate
+// as mechanical noise. Set below the detector's "medium" tier (~0.45) so it only
+// ever fires on the genuinely unsupported tail, never on a borderline-real edge.
+exports.AUTO_REJECT_CONFIDENCE_FLOOR = 0.3;
+function hasSupportingQuote(ev) {
+    if (!ev)
+        return false;
+    const src = typeof ev.sourceQuote === "string" ? ev.sourceQuote.trim() : "";
+    const tgt = typeof ev.targetQuote === "string" ? ev.targetQuote.trim() : "";
+    return src.length > 0 || tgt.length > 0;
+}
+// Decide whether a candidate is MECHANICALLY invalid (unambiguous noise an agent may
+// auto-reject). Pure; no I/O. See the module header for why this is conservative.
+function classifyMechanicalInvalidity(c) {
+    // 1. Self-edge: same artifact on both endpoints. A relation from a doc to itself
+    //    is structurally meaningless regardless of confidence. (A unary candidate with
+    //    a null target is NOT a self-edge.)
+    if (c.targetArtifactId !== null &&
+        c.sourceArtifactId === c.targetArtifactId &&
+        (c.targetType === null || c.sourceType === c.targetType)) {
+        return {
+            autoRejectable: true,
+            reasonCode: "self_edge",
+            reason: `self-edge: source and target are the same artifact (${c.sourceArtifactId})`,
+        };
+    }
+    // 2. Very-low confidence AND no supporting quote: the detector neither believed it
+    //    nor anchored it in text. With a quote present we defer to a human (the quote
+    //    may carry the signal the score missed).
+    if (c.confidence < exports.AUTO_REJECT_CONFIDENCE_FLOOR && !hasSupportingQuote(c.evidenceJson)) {
+        return {
+            autoRejectable: true,
+            reasonCode: "low_confidence_no_quote",
+            reason: `confidence ${c.confidence.toFixed(2)} below floor ${exports.AUTO_REJECT_CONFIDENCE_FLOOR.toFixed(2)} with no supporting quote`,
+        };
+    }
+    return { autoRejectable: false, reasonCode: null, reason: null };
+}
+// Canonical Console deep link for a relationship candidate. consoleBase must already
+// be trailing-slash-stripped (see getConsoleUrl).
+function candidateConsoleUrl(consoleBase, candidateId) {
+    return `${consoleBase}/relationships/${candidateId}`;
+}

package/dist/lib/kb_acl.js

@@ -0,0 +1,98 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KbOwnerCheckError = void 0;
+exports.verifyKbActorIsOwner = verifyKbActorIsOwner;
+const http_1 = require("./http");
+// KB curation §9.3 + §13.14 second bullet: every KB write command MUST refuse
+// to run when the configured `actorUserId` is not a workspace OWNER. The
+// doctor surfaces the same check up front so an operator can fix the config
+// before invoking a write, but the doctor is advisory and an operator can
+// (and does) skip running it. Without a runtime gate, a non-owner config
+// would silently stamp an unauthorized identity onto an outbox event and the
+// audit row would land as if the write were authorized. §9.5 leaves room for
+// a future per-scope `KB_CURATE` permission; v1 is owner-only by design
+// (proposal §11 locked decision Q8) and the gate lives here so all KB write
+// commands share a single source of truth.
+//
+// Implementation parity with doctor.ts (§9.3):
+//   - Same endpoint: GET /internal/v1/whoami?workspaceId=<ws>&actorUserId=<id>
+//   - Same actorIsOwner resolution: trust the typed boolean when present,
+//     fall back to actor.role === "OWNER" so a rollout that ships the CLI
+//     before the new server field does not flap.
+//   - Same fail-message shape: name the actor, the workspace, and point to
+//     the doctor so the operator can re-verify after fixing the config.
+const OWNER_CHECK_TIMEOUT_MS = 6000;
+// The whoami probe is an idempotent GET, so a transient transport failure is
+// safe to retry. Incident (session 2c881e60, 2026-06-14): the per-doc owner
+// check inside `mla kb add` hit a single undici "fetch failed" connection blip
+// right after a heavy ingest, threw with no retry, and the auto-index loop
+// counted the produced doc `failed` with no in-run recovery -> the note was
+// silently orphaned from the KB. A small bounded retry absorbs that blip for
+// EVERY KB write command and the auto-index preflight without weakening the
+// owner-only gate (a deterministic non-owner / 4xx verdict is never retried).
+const OWNER_CHECK_MAX_ATTEMPTS = 3;
+// Linear backoff between attempts. Index 0 is the wait after attempt 1, etc;
+// the last entry is reused if maxAttempts is raised. Kept short: the common
+// failure ("fetch failed" = connection refused/reset) rejects in milliseconds.
+const OWNER_CHECK_BACKOFF_MS = [200, 500];
+class KbOwnerCheckError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "KbOwnerCheckError";
+    }
+}
+exports.KbOwnerCheckError = KbOwnerCheckError;
+function resolveActorIsOwner(body) {
+    if (!body)
+        return false;
+    if (typeof body.actorIsOwner === "boolean")
+        return body.actorIsOwner;
+    return body.actor?.role === "OWNER";
+}
+// A request that never received an HTTP response (DNS, ECONNREFUSED,
+// ECONNRESET, socket hang up, fetch abort/timeout) rejects as a raw
+// TypeError/DOMException with NO `status` (see HttpError doc in http.ts). A 5xx
+// is a server-side transient. Both are worth a bounded retry. A 4xx (incl. a
+// 401 that already survived doFetch's auto-refresh) is a deterministic verdict
+// that a retry cannot change.
+function isTransientHttpError(err) {
+    return err.status === undefined || err.status >= 500;
+}
+const realSleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
+async function fetchWhoamiWithRetry(cfg, path, maxAttempts, sleep) {
+    for (let attempt = 1;; attempt++) {
+        try {
+            return await (0, http_1.get)(cfg, path, OWNER_CHECK_TIMEOUT_MS);
+        }
+        catch (e) {
+            const err = e;
+            if (attempt >= maxAttempts || !isTransientHttpError(err)) {
+                throw new KbOwnerCheckError(`KB owner check failed: could not reach control to verify actor ` +
+                    `'${cfg.actorUserId}' for workspace '${cfg.workspaceId}'. ` +
+                    `${err.message.slice(0, 200)}. ` +
+                    `Run 'mla doctor' to diagnose; KB curation requires OWNER.`);
+            }
+            const backoff = OWNER_CHECK_BACKOFF_MS[Math.min(attempt - 1, OWNER_CHECK_BACKOFF_MS.length - 1)];
+            await sleep(backoff);
+        }
+    }
+}
+async function verifyKbActorIsOwner(cfg, opts = {}) {
+    const path = `/internal/v1/whoami?workspaceId=${encodeURIComponent(cfg.workspaceId)}` +
+        `&actorUserId=${encodeURIComponent(cfg.actorUserId)}`;
+    const maxAttempts = opts.maxAttempts ?? OWNER_CHECK_MAX_ATTEMPTS;
+    const sleep = opts.sleep ?? realSleep;
+    const body = await fetchWhoamiWithRetry(cfg, path, maxAttempts, sleep);
+    if (!body?.actor) {
+        throw new KbOwnerCheckError(`KB owner check failed: actor '${cfg.actorUserId}' is not a member of ` +
+            `workspace '${cfg.workspaceId}'. Edit cli-config.json to point at a ` +
+            `workspace OWNER, then re-run 'mla doctor' to confirm.`);
+    }
+    if (!resolveActorIsOwner(body)) {
+        const role = body.actor?.role ?? "UNKNOWN";
+        throw new KbOwnerCheckError(`KB owner check failed: actor '${cfg.actorUserId}' has role '${role}' ` +
+            `in workspace '${cfg.workspaceId}'; KB curation requires OWNER ` +
+            `(proposal §9.3 + §13.14). Re-point cli-config.actorUserId at a ` +
+            `workspace owner and re-run 'mla doctor'.`);
+    }
+}

package/dist/lib/login.js

@@ -0,0 +1,353 @@
+"use strict";
+// `mla login` browser-login transport (proposal §6.1-§6.3, T21).
+//
+// Owns the loopback OAuth dance: generate PKCE, stand up a single-shot loopback
+// HTTP listener on 127.0.0.1, open the Console authorize page in the OS browser,
+// wait for the callback (or a 5-minute timeout), then exchange the one-time grant
+// `code` + PKCE `codeVerifier` for a user-token bundle. No new runtime deps: Node
+// built-in `http`, `crypto`, `child_process`, `os` only.
+//
+// Security invariants enforced here:
+//   - The exchange POST carries NO Authorization header (proposal §0.01 clause 1 /
+//     §4.1): the one-time `code` + PKCE `codeVerifier` in the JSON body ARE the
+//     proof-of-possession. Control rejects the call with 400 if any Authorization
+//     header is present, so we never send one.
+//   - The grant `code`, PKCE `codeVerifier`, and the returned access/refresh
+//     tokens are NEVER logged. We log only the authorize URL (which carries the
+//     PKCE *challenge*, a sha256 hash, and the `state` CSRF nonce, neither secret)
+//     and high-level status lines.
+//   - Loopback binds to 127.0.0.1 ONLY (never 0.0.0.0 / localhost) so no other
+//     host on the LAN can hit the callback (RFC 8252 §7.3).
+//   - `state` is compared constant-time; a mismatch is refused as possible CSRF.
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generatePkce = generatePkce;
+exports.generateState = generateState;
+exports.consoleUrlFromControl = consoleUrlFromControl;
+exports.openLoopbackServer = openLoopbackServer;
+exports.openBrowser = openBrowser;
+exports.exchangeGrant = exchangeGrant;
+exports.runBrowserLogin = runBrowserLogin;
+const child_process_1 = require("child_process");
+const crypto = __importStar(require("crypto"));
+const http = __importStar(require("http"));
+const os = __importStar(require("os"));
+function generatePkce() {
+    const verifier = crypto.randomBytes(32).toString("base64url");
+    const challenge = crypto.createHash("sha256").update(verifier).digest("base64url");
+    return { verifier, challenge };
+}
+function generateState() {
+    return crypto.randomBytes(16).toString("base64url");
+}
+// Constant-time string compare. crypto.timingSafeEqual requires equal-length
+// buffers, so a length mismatch short-circuits to false (and never throws).
+function safeEqual(a, b) {
+    const ab = Buffer.from(a, "utf8");
+    const bb = Buffer.from(b, "utf8");
+    if (ab.length !== bb.length)
+        return false;
+    return crypto.timingSafeEqual(ab, bb);
+}
+// ---------------------------------------------------------------------------
+// Console URL discovery (assumption table row 2). Inferred from the control URL
+// via a small pair table, overridable by the caller (--console-url / cfg /
+// MEETLESS_CONSOLE_URL, resolved in the command layer). Returns null when no
+// pair matches so the caller can fail loud with a "pass --console-url" hint
+// rather than silently guess a wrong origin.
+//
+// NOTE on the local dev port: the proposal's §6.1 example wrote
+// `127.0.0.1:3006 -> http://127.0.0.1:3030`, but the Console dev server actually
+// listens on 3003 (apps/console/package.json `next dev --port ...:-3003`); 3030
+// appears nowhere in the repo. We use the verified 3003 here. The PRODUCTION pair
+// (control.meetless.ai -> app.meetless.ai) matches DEFAULT_CONTROL_URL /
+// DEFAULT_CONSOLE_URL in config.ts, so a fresh `mla login` against the default
+// backend infers the console URL with no flag. Non-default backends (self-hosted
+// or internal) pass --console-url explicitly, or set MEETLESS_CONSOLE_URL /
+// consoleUrl in cli-config.json; we deliberately keep no extra hardcoded pairs.
+// ---------------------------------------------------------------------------
+const CONTROL_CONSOLE_PAIRS = [
+    { control: /^https?:\/\/(127\.0\.0\.1|localhost):3006(\/|$)/i, console: "http://127.0.0.1:3003" },
+    { control: /^https?:\/\/control\.meetless\.ai(\/|$)/i, console: "https://app.meetless.ai" },
+];
+function consoleUrlFromControl(controlUrl) {
+    const trimmed = controlUrl.trim();
+    for (const pair of CONTROL_CONSOLE_PAIRS) {
+        if (pair.control.test(trimmed))
+            return pair.console;
+    }
+    return null;
+}
+const CLOSE_TAB_HTML = "<!doctype html><html><head><meta charset=utf-8><title>mla login</title></head>" +
+    "<body style=\"font-family:system-ui;margin:3rem;text-align:center\">" +
+    "<h2>You can close this tab.</h2>" +
+    "<p>Return to your terminal; <code>mla login</code> is finishing up.</p>" +
+    "</body></html>";
+function openLoopbackServer(opts) {
+    return new Promise((resolveServer, rejectServer) => {
+        let settled = false;
+        let resolveCb;
+        let rejectCb;
+        const callbackPromise = new Promise((res, rej) => {
+            resolveCb = res;
+            rejectCb = rej;
+        });
+        const server = http.createServer((req, res) => {
+            // Parse against a fixed 127.0.0.1 base; req.url is path+query only.
+            let parsed;
+            try {
+                parsed = new URL(req.url ?? "/", "http://127.0.0.1");
+            }
+            catch {
+                res.writeHead(400, { "Content-Type": "text/plain" });
+                res.end("Bad request");
+                return;
+            }
+            if (req.method !== "GET" || parsed.pathname !== "/callback") {
+                res.writeHead(404, { "Content-Type": "text/plain" });
+                res.end("Not found");
+                return;
+            }
+            const gotState = parsed.searchParams.get("state") ?? "";
+            const code = parsed.searchParams.get("code") ?? "";
+            // Constant-time CSRF check. NEVER log the query string (it carries `code`).
+            if (!safeEqual(gotState, opts.state)) {
+                res.writeHead(400, { "Content-Type": "text/plain" });
+                res.end("State mismatch: possible CSRF; refusing");
+                return;
+            }
+            if (settled) {
+                // Single-shot: a second valid callback is a no-op ack.
+                res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+                res.end(CLOSE_TAB_HTML);
+                return;
+            }
+            if (!code) {
+                settled = true;
+                res.writeHead(400, { "Content-Type": "text/plain" });
+                res.end("Missing authorization code");
+                rejectCb(new Error("Loopback callback arrived without an authorization code."));
+                return;
+            }
+            settled = true;
+            res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+            res.end(CLOSE_TAB_HTML);
+            resolveCb({ code });
+        });
+        server.on("error", (err) => {
+            if (!settled) {
+                settled = true;
+                rejectServer(err);
+            }
+        });
+        // port 0 => kernel picks a free port; a caller-supplied port pins it (for
+        // SSH `-L` forwarding under --no-browser). host 127.0.0.1 only.
+        server.listen(opts.port ?? 0, "127.0.0.1", () => {
+            const addr = server.address();
+            if (addr === null || typeof addr === "string") {
+                server.close();
+                rejectServer(new Error("Failed to bind loopback server to 127.0.0.1."));
+                return;
+            }
+            resolveServer({ server, port: addr.port, callbackPromise });
+        });
+    });
+}
+// ---------------------------------------------------------------------------
+// Browser launcher (§6.2). No new dependency; platform-appropriate spawn.
+// Returns the launcher's exit code (0 = launched). A non-zero result is a SOFT
+// fallback, not a failure: the caller prints the URL for manual open and keeps
+// the loopback listening.
+// ---------------------------------------------------------------------------
+function spawnOpener(cmd, args) {
+    return new Promise((resolve) => {
+        try {
+            const child = (0, child_process_1.spawn)(cmd, args, { stdio: "ignore" });
+            child.on("error", () => resolve(127)); // ENOENT / not installed
+            child.on("exit", (code) => resolve(code ?? 0));
+        }
+        catch {
+            resolve(127);
+        }
+    });
+}
+async function openBrowser(url) {
+    const platform = process.platform;
+    if (platform === "darwin")
+        return spawnOpener("open", [url]);
+    if (platform === "win32")
+        return spawnOpener("cmd", ["/c", "start", "", url]);
+    // Linux / *BSD: try xdg-open, then sensible-browser, then $BROWSER.
+    const candidates = ["xdg-open", "sensible-browser"];
+    const envBrowser = process.env.BROWSER;
+    if (envBrowser && envBrowser.trim().length > 0)
+        candidates.push(envBrowser.trim());
+    for (const cmd of candidates) {
+        const code = await spawnOpener(cmd, [url]);
+        if (code === 0)
+            return 0;
+    }
+    return 1;
+}
+// ---------------------------------------------------------------------------
+// Grant exchange (§4.1). Raw fetch with NO Authorization header. We deliberately
+// bypass http.ts's doFetch (which always stamps `Authorization: Bearer`) because
+// control rejects this endpoint with 400 unexpected_authorization_header if any
+// Authorization header is present (§0.01 clause 1).
+// ---------------------------------------------------------------------------
+async function exchangeGrant(controlUrl, code, codeVerifier, timeoutMs = 15000) {
+    const url = `${controlUrl.replace(/\/+$/, "")}/internal/v1/auth/cli-login-grants/exchange`;
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), timeoutMs);
+    try {
+        const res = await fetch(url, {
+            method: "POST",
+            // Content-Type only; explicitly NO Authorization header.
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ code, codeVerifier }),
+            signal: controller.signal,
+        });
+        const text = await res.text();
+        if (!res.ok) {
+            // Body may name the failure (e.g. invalid_or_expired); surface it without
+            // echoing the request (which holds the code + verifier).
+            throw new Error(`Grant exchange failed: HTTP ${res.status}${text ? `: ${text.slice(0, 300)}` : ""}`);
+        }
+        let parsed;
+        try {
+            parsed = JSON.parse(text);
+        }
+        catch {
+            throw new Error("Grant exchange returned a non-JSON response.");
+        }
+        return assertTokenBundle(parsed);
+    }
+    finally {
+        clearTimeout(timer);
+    }
+}
+// Minimal structural validation so we never persist a corrupt user-token config.
+function assertTokenBundle(value) {
+    const b = value;
+    if (!b ||
+        typeof b.accessToken !== "string" ||
+        !b.accessToken ||
+        typeof b.refreshToken !== "string" ||
+        !b.refreshToken ||
+        typeof b.sessionId !== "string" ||
+        !b.user ||
+        typeof b.user.id !== "string" ||
+        !b.workspace ||
+        typeof b.workspace.id !== "string") {
+        throw new Error("Grant exchange response was missing required token/identity fields.");
+    }
+    return b;
+}
+// ---------------------------------------------------------------------------
+// Orchestration: runBrowserLogin (public) / runLoopbackLogin (internal).
+// ---------------------------------------------------------------------------
+function buildAuthUrl(consoleUrl, args) {
+    const authUrl = new URL(`${consoleUrl.replace(/\/+$/, "")}/cli/authorize`);
+    authUrl.searchParams.set("state", args.state);
+    authUrl.searchParams.set("code_challenge", args.challenge);
+    authUrl.searchParams.set("code_challenge_method", "S256");
+    authUrl.searchParams.set("redirect_uri", `http://127.0.0.1:${args.port}/callback`);
+    authUrl.searchParams.set("client_id", "mla");
+    authUrl.searchParams.set("machine_hint", os.hostname());
+    authUrl.searchParams.set("os", `${os.type()} ${os.release()}`);
+    return authUrl;
+}
+// A rejecting timer with a cancel handle so the winning branch of Promise.race
+// can clear it (otherwise the timer keeps the event loop alive for 5 minutes).
+function rejectingTimeout(ms, message) {
+    let timer;
+    const promise = new Promise((_resolve, reject) => {
+        timer = setTimeout(() => reject(new Error(message)), ms);
+    });
+    return { promise, cancel: () => clearTimeout(timer) };
+}
+const FIVE_MINUTES_MS = 5 * 60 * 1000;
+async function runBrowserLogin(opts) {
+    const log = opts.log ?? ((m) => console.log(m));
+    const openBrowserFn = opts.openBrowserFn ?? openBrowser;
+    const exchangeFn = opts.exchangeFn ?? exchangeGrant;
+    const timeoutMs = opts.timeoutMs ?? FIVE_MINUTES_MS;
+    const consoleUrl = (opts.consoleUrl && opts.consoleUrl.trim()) || consoleUrlFromControl(opts.controlUrl);
+    if (!consoleUrl) {
+        throw new Error(`Could not infer the Console URL from control URL "${opts.controlUrl}". ` +
+            "Pass --console-url <url> (or set consoleUrl in cli-config.json / MEETLESS_CONSOLE_URL).");
+    }
+    return runLoopbackLogin(opts.controlUrl, consoleUrl, {
+        noBrowser: opts.noBrowser ?? false,
+        port: opts.port,
+        timeoutMs,
+        log,
+        openBrowserFn,
+        exchangeFn,
+    });
+}
+async function runLoopbackLogin(controlUrl, consoleUrl, deps) {
+    const { verifier, challenge } = generatePkce();
+    const state = generateState();
+    const { server, port, callbackPromise } = await openLoopbackServer({ state, port: deps.port });
+    const authUrl = buildAuthUrl(consoleUrl, { state, challenge, port }).toString();
+    const timer = rejectingTimeout(deps.timeoutMs, "Authorization timed out after 5 minutes.");
+    try {
+        if (deps.noBrowser) {
+            deps.log("Open this URL in a browser on this machine to authorize:");
+            deps.log(`  ${authUrl}`);
+        }
+        else {
+            deps.log(`Opening browser to ${authUrl}`);
+            const exit = await deps.openBrowserFn(authUrl);
+            if (exit !== 0) {
+                // Soft fallback within the loopback flow (NOT device-code): the browser
+                // could not be launched, so print the URL and keep listening.
+                deps.log("Could not open a browser automatically. Open this URL manually:");
+                deps.log(`  ${authUrl}`);
+            }
+        }
+        deps.log("Waiting for authorization (up to 5 minutes)...");
+        const { code } = await Promise.race([callbackPromise, timer.promise]);
+        // Exchange the one-time code + PKCE verifier for tokens. No Authorization
+        // header (§0.01 clause 1). NEVER log `code` or `verifier`.
+        const bundle = await deps.exchangeFn(controlUrl, code, verifier);
+        return bundle;
+    }
+    finally {
+        timer.cancel();
+        server.close();
+    }
+}

package/dist/lib/mcp-fetchers.js

@@ -0,0 +1,130 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.makeControlFetchFromCli = makeControlFetchFromCli;
+exports.makeIntelFetchFromCli = makeIntelFetchFromCli;
+exports.makeIntelAskFromCli = makeIntelAskFromCli;
+const http_1 = require("./http");
+// LLM answer synthesis at /v1/ask routinely runs 15+ seconds (retrieval plus
+// generation), past intelPost's 15s default, which is sized for fast control
+// and intel POSTs. Without its own deadline the AbortController fires mid-flight
+// and the MCP query tool's answer mode returns "This operation was aborted".
+// Give synthesis a generous timeout; override via env for slower models.
+const ASK_SYNTHESIS_TIMEOUT_MS = Number(process.env.MEETLESS_ASK_TIMEOUT_MS) || 60_000;
+const DEFAULT_CONTROL_VERBS = {
+    get: http_1.get,
+    post: http_1.post,
+    patch: http_1.patch,
+};
+const DEFAULT_INTEL_VERBS = {
+    get: http_1.intelGet,
+    post: http_1.intelPost,
+    patch: http_1.intelPatch,
+};
+function parseBody(init) {
+    if (!init || init.body === undefined)
+        return undefined;
+    return JSON.parse(init.body);
+}
+function dispatch(verbs, cfg, pathAndQuery, init) {
+    const method = (init?.method ?? "GET").toUpperCase();
+    switch (method) {
+        case "GET":
+            return verbs.get(cfg, pathAndQuery);
+        case "POST":
+            return verbs.post(cfg, pathAndQuery, parseBody(init));
+        case "PATCH":
+            return verbs.patch(cfg, pathAndQuery, parseBody(init));
+        default:
+            throw new Error(`mcp-fetchers: unsupported method ${method}`);
+    }
+}
+/**
+ * Reactive single-retry refresh: control's verbs auto-refresh internally, but
+ * intel's (intelGet/intelPost/intelPatch) do NOT. So for the intel surface we
+ * wrap the call: on a 401 in user-token mode, rotate the token once
+ * (refreshUserToken mutates cfg.controlToken in place) and retry. Any other
+ * error, or a refresh that did not actually rotate ("expired"/"busy"), is
+ * rethrown untouched so handlers can still read err.status (e.g. kb 404).
+ */
+async function withIntelRefresh(cfg, refresh, fn) {
+    try {
+        return await fn();
+    }
+    catch (err) {
+        const status = err?.status;
+        if (status === 401 && cfg.auth.mode === "user-token") {
+            const outcome = await refresh(cfg);
+            if (outcome === "refreshed") {
+                return await fn();
+            }
+        }
+        throw err;
+    }
+}
+/** Control fetch closure over http.ts (auto-refreshing) bound to this cfg. */
+function makeControlFetchFromCli(cfg, verbs = DEFAULT_CONTROL_VERBS) {
+    return (pathAndQuery, init) => dispatch(verbs, cfg, pathAndQuery, init);
+}
+/** Intel fetch closure over http.ts with a reactive 401 refresh-and-retry. */
+function makeIntelFetchFromCli(cfg, verbs = DEFAULT_INTEL_VERBS, refresh = http_1.refreshUserToken) {
+    return (pathAndQuery, init) => withIntelRefresh(cfg, refresh, () => dispatch(verbs, cfg, pathAndQuery, init));
+}
+/**
+ * /v1/ask closure, byte-compatible with ask_modes.js makeIntelAsk (same payload
+ * keys + defaults: surface "mcp", mode "answer", filters {}, max 8 / min 3,
+ * as_of omitted when absent/null), but posting through http.ts (intelPost) so it
+ * carries the user-token bearer and inherits the same reactive refresh.
+ */
+function makeIntelAskFromCli(cfg, intelPostFn = http_1.intelPost, refresh = http_1.refreshUserToken) {
+    return (params) => {
+        const payload = {
+            workspace_id: params.workspaceId,
+            question: params.question,
+            surface: params.surface ?? "mcp",
+            stream: false,
+            language: params.language ?? "en",
+            thread_text: params.threadText ?? null,
+            mode: params.mode ?? "answer",
+            filters: params.filters ?? {},
+            max_results: params.maxResults ?? 8,
+            min_results: params.minResults ?? 3,
+        };
+        // Keep the body byte-identical to today when no cutoff is supplied.
+        if (params.asOf !== undefined && params.asOf !== null) {
+            payload.as_of = params.asOf;
+        }
+        return withIntelRefresh(cfg, refresh, async () => {
+            try {
+                return await intelPostFn(cfg, "/v1/ask", payload, ASK_SYNTHESIS_TIMEOUT_MS);
+            }
+            catch (err) {
+                if (isSynthesisTimeout(err)) {
+                    throw synthesisTimeoutError();
+                }
+                throw err;
+            }
+        });
+    };
+}
+/**
+ * The deadline fired before synthesis returned. undici rejects an aborted fetch
+ * with a DOMException named "AbortError" (message "This operation was aborted"),
+ * which intelPost rethrows raw. We discriminate on the name, not the message.
+ */
+function isSynthesisTimeout(err) {
+    return err?.name === "AbortError";
+}
+/**
+ * Replaces the cryptic raw "This operation was aborted" with a message that
+ * names the failure and tells the operator what to do. Two real causes produce
+ * this: intel synthesis genuinely ran long, OR this `mla mcp` server process was
+ * spawned before the timeout fix landed and is running stale in-memory code
+ * (Node does not hot-reload dist) — so "restart your editor" is a real remedy.
+ */
+function synthesisTimeoutError() {
+    const secs = Math.round(ASK_SYNTHESIS_TIMEOUT_MS / 1000);
+    return new Error(`Meetless answer synthesis timed out after ${secs}s. Intel may be under ` +
+        `load, or this MCP server process predates the timeout fix (restart your ` +
+        `editor to respawn it). For an immediate result, use mode "search" or the ` +
+        `retrieve_knowledge tool (no synthesis), or raise MEETLESS_ASK_TIMEOUT_MS.`);
+}