@muggleai/works 4.0.3 → 4.1.0

package/README.md

@@ -375,8 +375,8 @@ Data directory structure (~/.muggle-ai/)
 
 ```
 ~/.muggle-ai/
-├── auth.json             # OAuth tokens
-├── credentials.json      # API key for service calls
+├── oauth-session.json    # OAuth tokens (short-lived, auto-refresh)
+├── api-key.json          # Long-lived API key for service calls
 ├── projects/             # Local project cache
 ├── sessions/             # QA sessions
 │   └── {runId}/
@@ -424,7 +424,7 @@ muggle doctor           # Diagnose
 
 ```bash
 muggle logout           # Clear all credentials
-rm ~/.muggle-ai/auth.json ~/.muggle-ai/credentials.json
+rm ~/.muggle-ai/oauth-session.json ~/.muggle-ai/api-key.json
 muggle login            # Fresh login
 ```
 

package/dist/{chunk-BQZQDOXI.js → chunk-PV76IWEX.js}

@@ -39,7 +39,7 @@ var DEFAULT_PROMPT_SERVICE_PRODUCTION_URL = "https://promptservice.muggle-ai.com
 var DEFAULT_PROMPT_SERVICE_DEV_URL = "http://localhost:5050";
 var DEFAULT_WEB_SERVICE_URL = "http://localhost:3001";
 var ELECTRON_APP_DIR = "electron-app";
-var CREDENTIALS_FILE = "credentials.json";
+var API_KEY_FILE = "api-key.json";
 var DEFAULT_AUTH0_PRODUCTION_DOMAIN = "login.muggle-ai.com";
 var DEFAULT_AUTH0_PRODUCTION_CLIENT_ID = "UgG5UjoyLksxMciWWKqVpwfWrJ4rFvtT";
 var DEFAULT_AUTH0_PRODUCTION_AUDIENCE = "https://muggleai.us.auth0.com/api/v2/";
@@ -239,10 +239,10 @@ function getDefaultAuth0Domain() {
 }
 function getDefaultAuth0ClientId() {
   const runtimeTarget = getPromptServiceRuntimeTarget();
-  if (runtimeTarget === "dev") {
-    return DEFAULT_AUTH0_DEV_CLIENT_ID;
+  if (runtimeTarget === "production") {
+    return DEFAULT_AUTH0_PRODUCTION_CLIENT_ID;
   }
-  return DEFAULT_AUTH0_PRODUCTION_CLIENT_ID;
+  return DEFAULT_AUTH0_DEV_CLIENT_ID;
 }
 function getDefaultAuth0Audience() {
   const runtimeTarget = getPromptServiceRuntimeTarget();
@@ -284,8 +284,8 @@ function buildLocalQaConfig() {
     sessionsDir: path2.join(dataDir, "sessions"),
     projectsDir: path2.join(dataDir, "projects"),
     tempDir: path2.join(dataDir, "temp"),
-    credentialsFilePath: path2.join(dataDir, CREDENTIALS_FILE),
-    authFilePath: path2.join(dataDir, "auth.json"),
+    apiKeyFilePath: path2.join(dataDir, API_KEY_FILE),
+    oauthSessionFilePath: path2.join(dataDir, "oauth-session.json"),
     electronAppPath: resolveElectronAppPathOrNull(),
     webServicePath: resolveWebServicePath(),
     webServicePidFile: path2.join(dataDir, "web-service.pid"),
@@ -610,8 +610,8 @@ var TestResultStatus = /* @__PURE__ */ ((TestResultStatus2) => {
 // packages/mcps/src/mcp/local/services/auth-service.ts
 var DEFAULT_LOGIN_WAIT_TIMEOUT_MS = 12e4;
 var AuthService = class {
-  /** Path to the auth file. */
-  authFilePath;
+  /** Path to the OAuth session file. */
+  oauthSessionFilePath;
   /** Path to the pending device code file. */
   pendingDeviceCodePath;
   /**
@@ -619,9 +619,9 @@ var AuthService = class {
    */
   constructor() {
     const config = getConfig();
-    this.authFilePath = config.localQa.authFilePath;
+    this.oauthSessionFilePath = config.localQa.oauthSessionFilePath;
     this.pendingDeviceCodePath = path2.join(
-      path2.dirname(config.localQa.authFilePath),
+      path2.dirname(config.localQa.oauthSessionFilePath),
       "pending-device-code.json"
     );
   }
@@ -931,11 +931,11 @@ var AuthService = class {
       email,
       userId
     };
-    const dir = path2.dirname(this.authFilePath);
+    const dir = path2.dirname(this.oauthSessionFilePath);
     if (!fs3.existsSync(dir)) {
       fs3.mkdirSync(dir, { recursive: true });
     }
-    fs3.writeFileSync(this.authFilePath, JSON.stringify(storedAuth, null, 2), {
+    fs3.writeFileSync(this.oauthSessionFilePath, JSON.stringify(storedAuth, null, 2), {
       encoding: "utf-8",
       mode: 384
     });
@@ -946,11 +946,11 @@ var AuthService = class {
    */
   loadStoredAuth() {
     const logger14 = getLogger();
-    if (!fs3.existsSync(this.authFilePath)) {
+    if (!fs3.existsSync(this.oauthSessionFilePath)) {
       return null;
     }
     try {
-      const content = fs3.readFileSync(this.authFilePath, "utf-8");
+      const content = fs3.readFileSync(this.oauthSessionFilePath, "utf-8");
       return JSON.parse(content);
     } catch (error) {
       logger14.error("Failed to load stored auth", {
@@ -1034,11 +1034,11 @@ var AuthService = class {
         email: storedAuth.email,
         userId: storedAuth.userId
       };
-      const dir = path2.dirname(this.authFilePath);
+      const dir = path2.dirname(this.oauthSessionFilePath);
       if (!fs3.existsSync(dir)) {
         fs3.mkdirSync(dir, { recursive: true });
       }
-      fs3.writeFileSync(this.authFilePath, JSON.stringify(updatedAuth, null, 2), {
+      fs3.writeFileSync(this.oauthSessionFilePath, JSON.stringify(updatedAuth, null, 2), {
         encoding: "utf-8",
         mode: 384
       });
@@ -1090,12 +1090,12 @@ var AuthService = class {
    */
   logout() {
     const logger14 = getLogger();
-    if (!fs3.existsSync(this.authFilePath)) {
+    if (!fs3.existsSync(this.oauthSessionFilePath)) {
       logger14.debug("No auth to clear");
       return false;
     }
     try {
-      fs3.unlinkSync(this.authFilePath);
+      fs3.unlinkSync(this.oauthSessionFilePath);
       logger14.info("Auth cleared successfully");
       return true;
     } catch (error) {
@@ -2380,9 +2380,9 @@ function listActiveExecutions() {
     status: process2.status
   }));
 }
-var CREDENTIALS_FILE2 = "credentials.json";
-function getCredentialsFilePath() {
-  return path2.join(getDataDir(), CREDENTIALS_FILE2);
+var API_KEY_FILE2 = "api-key.json";
+function getApiKeyFilePath() {
+  return path2.join(getDataDir(), API_KEY_FILE2);
 }
 function ensureDataDir() {
   const dataDir = getDataDir();
@@ -2390,95 +2390,85 @@ function ensureDataDir() {
     fs3.mkdirSync(dataDir, { recursive: true });
   }
 }
-function loadCredentials() {
+function loadApiKeyData() {
   const logger14 = getLogger();
-  const credentialsPath = getCredentialsFilePath();
+  const apiKeyPath = getApiKeyFilePath();
   try {
-    if (!fs3.existsSync(credentialsPath)) {
-      logger14.debug("No credentials file found", { path: credentialsPath });
+    if (!fs3.existsSync(apiKeyPath)) {
+      logger14.debug("No API key file found", { path: apiKeyPath });
       return null;
     }
-    const content = fs3.readFileSync(credentialsPath, "utf-8");
-    const credentials = JSON.parse(content);
-    if (!credentials.accessToken || !credentials.expiresAt) {
-      logger14.warn("Invalid credentials file - missing required fields");
-      return null;
-    }
-    return credentials;
+    const content = fs3.readFileSync(apiKeyPath, "utf-8");
+    const data = JSON.parse(content);
+    return data;
   } catch (error) {
-    logger14.warn("Failed to load credentials", {
+    logger14.warn("Failed to load API key data", {
       error: error instanceof Error ? error.message : String(error)
     });
     return null;
   }
 }
-function saveCredentials(credentials) {
+function saveApiKeyData(data) {
   const logger14 = getLogger();
-  const credentialsPath = getCredentialsFilePath();
+  const apiKeyPath = getApiKeyFilePath();
   try {
     ensureDataDir();
-    const content = JSON.stringify(credentials, null, 2);
-    fs3.writeFileSync(credentialsPath, content, { mode: 384 });
-    logger14.info("Credentials saved", { path: credentialsPath });
+    const content = JSON.stringify(data, null, 2);
+    fs3.writeFileSync(apiKeyPath, content, { mode: 384 });
+    logger14.info("API key saved", { path: apiKeyPath });
   } catch (error) {
-    logger14.error("Failed to save credentials", {
+    logger14.error("Failed to save API key", {
       error: error instanceof Error ? error.message : String(error)
     });
     throw error;
   }
 }
-function deleteCredentials() {
+function deleteApiKeyData() {
   const logger14 = getLogger();
-  const credentialsPath = getCredentialsFilePath();
+  const apiKeyPath = getApiKeyFilePath();
   try {
-    if (fs3.existsSync(credentialsPath)) {
-      fs3.unlinkSync(credentialsPath);
-      logger14.info("Credentials deleted", { path: credentialsPath });
+    if (fs3.existsSync(apiKeyPath)) {
+      fs3.unlinkSync(apiKeyPath);
+      logger14.info("API key deleted", { path: apiKeyPath });
     }
   } catch (error) {
-    logger14.warn("Failed to delete credentials", {
+    logger14.warn("Failed to delete API key", {
       error: error instanceof Error ? error.message : String(error)
     });
   }
 }
-function isCredentialsExpired(credentials) {
-  const expiresAt = new Date(credentials.expiresAt);
-  const now = /* @__PURE__ */ new Date();
-  const bufferMs = 5 * 60 * 1e3;
-  return now.getTime() >= expiresAt.getTime() - bufferMs;
-}
-function getValidCredentials() {
-  const credentials = loadCredentials();
-  if (!credentials) {
+function getValidApiKeyData() {
+  const data = loadApiKeyData();
+  if (!data) {
     return null;
   }
-  if (credentials.apiKey) {
-    return credentials;
+  if (data.apiKey) {
+    return data;
   }
   return null;
 }
 function hasApiKey() {
-  const credentials = loadCredentials();
-  return !!credentials?.apiKey;
+  const data = loadApiKeyData();
+  return !!data?.apiKey;
 }
 function getApiKey() {
-  const credentials = loadCredentials();
-  return credentials?.apiKey ?? null;
+  const data = loadApiKeyData();
+  return data?.apiKey ?? null;
 }
 function saveApiKey(params) {
   const logger14 = getLogger();
-  const credentialsPath = getCredentialsFilePath();
+  const apiKeyPath = getApiKeyFilePath();
   try {
     ensureDataDir();
-    const credentials = {
+    const data = {
       accessToken: "",
       expiresAt: "",
       apiKey: params.apiKey,
       apiKeyId: params.apiKeyId
     };
-    const content = JSON.stringify(credentials, null, 2);
-    fs3.writeFileSync(credentialsPath, content, { mode: 384 });
-    logger14.info("API key saved", { path: credentialsPath });
+    const content = JSON.stringify(data, null, 2);
+    fs3.writeFileSync(apiKeyPath, content, { mode: 384 });
+    logger14.info("API key saved", { path: apiKeyPath });
   } catch (error) {
     logger14.error("Failed to save API key", {
       error: error instanceof Error ? error.message : String(error)
@@ -2486,6 +2476,11 @@ function saveApiKey(params) {
     throw error;
   }
 }
+var loadCredentials = loadApiKeyData;
+var saveCredentials = saveApiKeyData;
+var deleteCredentials = deleteApiKeyData;
+var getValidCredentials = getValidApiKeyData;
+var getCredentialsFilePath = getApiKeyFilePath;
 
 // packages/mcps/src/shared/auth.ts
 var logger4 = getLogger();
@@ -2694,7 +2689,7 @@ async function performLogin(keyName, keyExpiry = "90d", timeoutMs = 12e4) {
         );
         credentials.apiKey = apiKeyResult.key;
         credentials.apiKeyId = apiKeyResult.id;
-        saveCredentials(credentials);
+        saveApiKeyData(credentials);
       }
       return {
         success: true,
@@ -2731,13 +2726,13 @@ async function performLogin(keyName, keyExpiry = "90d", timeoutMs = 12e4) {
 function performLogout() {
   const authService = getAuthService();
   authService.logout();
-  deleteCredentials();
+  deleteApiKeyData();
   logger4.info("[Auth] Logged out successfully");
 }
 function getCallerCredentials() {
-  const credentials = getValidCredentials();
-  if (credentials?.apiKey) {
-    return { apiKey: credentials.apiKey };
+  const apiKeyData = getValidApiKeyData();
+  if (apiKeyData?.apiKey) {
+    return { apiKey: apiKeyData.apiKey };
   }
   const authService = getAuthService();
   const accessToken = authService.getAccessToken();
@@ -2747,9 +2742,9 @@ function getCallerCredentials() {
   return {};
 }
 async function getCallerCredentialsAsync() {
-  const credentials = getValidCredentials();
-  if (credentials?.apiKey) {
-    return { apiKey: credentials.apiKey };
+  const apiKeyData = getValidApiKeyData();
+  if (apiKeyData?.apiKey) {
+    return { apiKey: apiKeyData.apiKey };
   }
   const authService = getAuthService();
   const accessToken = await authService.getValidAccessToken();
@@ -5466,8 +5461,10 @@ __export(src_exports, {
   calculateFileChecksum: () => calculateFileChecksum,
   createApiKeyWithToken: () => createApiKeyWithToken,
   createChildLogger: () => createChildLogger,
+  deleteApiKeyData: () => deleteApiKeyData,
   deleteCredentials: () => deleteCredentials,
   getApiKey: () => getApiKey,
+  getApiKeyFilePath: () => getApiKeyFilePath,
   getAuthService: () => getAuthService,
   getBundledElectronAppVersion: () => getBundledElectronAppVersion,
   getCallerCredentials: () => getCallerCredentials,
@@ -5485,10 +5482,11 @@ __export(src_exports, {
   getLogger: () => getLogger,
   getPlatformKey: () => getPlatformKey,
   getQaTools: () => getQaTools,
+  getValidApiKeyData: () => getValidApiKeyData,
   getValidCredentials: () => getValidCredentials,
   hasApiKey: () => hasApiKey,
-  isCredentialsExpired: () => isCredentialsExpired,
   isElectronAppInstalled: () => isElectronAppInstalled,
+  loadApiKeyData: () => loadApiKeyData,
   loadCredentials: () => loadCredentials,
   localQa: () => local_exports2,
   mcp: () => mcp_exports,
@@ -5500,6 +5498,7 @@ __export(src_exports, {
   resetConfig: () => resetConfig,
   resetLogger: () => resetLogger,
   saveApiKey: () => saveApiKey,
+  saveApiKeyData: () => saveApiKeyData,
   saveCredentials: () => saveCredentials,
   startDeviceCodeFlow: () => startDeviceCodeFlow,
   toolRequiresAuth: () => toolRequiresAuth,
@@ -6438,7 +6437,7 @@ function getHelpGuidance() {
     `    2. ${colorize("Log in", COLORS.bold)} with your Muggle AI account`,
     `    3. ${colorize("The tool call continues", COLORS.bold)} with your credentials`,
     "",
-    `  Credentials are stored in ${path12("~/.muggle-ai/credentials.json")}`,
+    `  API keys are stored in ${path12("~/.muggle-ai/api-key.json")}`,
     "",
     header("Available MCP Tools"),
     "",
@@ -6455,7 +6454,7 @@ function getHelpGuidance() {
     "",
     `  All data is stored in ${path12("~/.muggle-ai/")}:`,
     "",
-    `    ${path12("credentials.json")}    Auth credentials (auto-generated)`,
+    `    ${path12("api-key.json")}         Long-lived API key (auto-generated)`,
     `    ${path12("projects/")}            Local test projects`,
     `    ${path12("sessions/")}            Test execution sessions`,
     `    ${path12("electron-app/")}        Downloaded Electron app binaries`,

package/dist/cli.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { runCli } from './chunk-BQZQDOXI.js';
+import { runCli } from './chunk-PV76IWEX.js';
 
 // src/cli/main.ts
 runCli().catch((error) => {

package/dist/index.js

@@ -1 +1 @@
-export { src_exports2 as commands, createChildLogger, createUnifiedMcpServer, getConfig, getLocalQaTools, getLogger, getQaTools, local_exports as localQa, mcp_exports as mcp, qa_exports as qa, server_exports as server, src_exports as shared } from './chunk-BQZQDOXI.js';
+export { src_exports2 as commands, createChildLogger, createUnifiedMcpServer, getConfig, getLocalQaTools, getLogger, getQaTools, local_exports as localQa, mcp_exports as mcp, qa_exports as qa, server_exports as server, src_exports as shared } from './chunk-PV76IWEX.js';

package/dist/plugin/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "muggle",
   "description": "Run real-browser QA tests on your web app from any AI coding agent. Generate test scripts from plain English, replay them on localhost, capture screenshots, and validate user flows like signup, checkout, and dashboards. Works across Claude Code, Cursor, Codex, and Windsurf.",
-  "version": "4.0.3",
+  "version": "4.1.0",
   "author": {
     "name": "Muggle AI",
     "email": "support@muggle-ai.com"

package/dist/plugin/.cursor-plugin/plugin.json

@@ -2,7 +2,7 @@
   "name": "muggle",
   "displayName": "Muggle AI",
   "description": "Ship quality products with AI-powered QA that validates your app's user experience — from Claude Code and Cursor to PR.",
-  "version": "4.0.3",
+  "version": "4.1.0",
   "author": {
     "name": "Muggle AI",
     "email": "support@muggle-ai.com"

package/package.json

@@ -1,7 +1,7 @@
 {
     "name": "@muggleai/works",
     "mcpName": "io.github.multiplex-ai/muggle",
-    "version": "4.0.3",
+    "version": "4.1.0",
     "description": "Ship quality products with AI-powered QA that validates your app's user experience — from Claude Code and Cursor to PR.",
     "type": "module",
     "main": "dist/index.js",

package/plugin/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "muggle",
   "description": "Run real-browser QA tests on your web app from any AI coding agent. Generate test scripts from plain English, replay them on localhost, capture screenshots, and validate user flows like signup, checkout, and dashboards. Works across Claude Code, Cursor, Codex, and Windsurf.",
-  "version": "4.0.3",
+  "version": "4.1.0",
   "author": {
     "name": "Muggle AI",
     "email": "support@muggle-ai.com"

package/plugin/.cursor-plugin/plugin.json

@@ -2,7 +2,7 @@
   "name": "muggle",
   "displayName": "Muggle AI",
   "description": "Ship quality products with AI-powered QA that validates your app's user experience — from Claude Code and Cursor to PR.",
-  "version": "4.0.3",
+  "version": "4.1.0",
   "author": {
     "name": "Muggle AI",
     "email": "support@muggle-ai.com"