@mysten-incubation/memwal-mcp 0.0.1-dev.0

package/dist/auth-required.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Run the auth-required stdio MCP server. Returns when stdin closes.
+ */
+export declare function runAuthRequiredServer(): Promise<void>;
+//# sourceMappingURL=auth-required.d.ts.map

package/dist/auth-required.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-required.d.ts","sourceRoot":"","sources":["../src/auth-required.ts"],"names":[],"mappings":"AAiIA;;GAEG;AACH,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,IAAI,CAAC,CAiE3D"}

package/dist/auth-required.js

@@ -0,0 +1,175 @@
+/**
+ * "Auth-required" stdio MCP server — run when ~/.memwal/credentials.json is
+ * missing but the package was spawned by an MCP client (Cursor / Claude
+ * Desktop / etc.).
+ *
+ * Instead of exiting (which makes the MCP client show a cryptic
+ * "Failed to start server" error that the user can't act on), we boot a
+ * minimal MCP server that:
+ *
+ *   - Responds to `initialize` so the client sees a healthy server.
+ *   - Advertises the 4 real MemWal tools in `tools/list` so the agent
+ *     knows what's available.
+ *   - Returns an `isError: true` envelope on any `tools/call` with a
+ *     friendly login instruction inline in the chat.
+ *
+ * This is a Phase B (current) compromise — Phase B.5 will replace it with
+ * the MCP OAuth flow so the client's host drives the browser dance and
+ * retries the tool call automatically (no client restart needed).
+ */
+import { log } from "./logger.js";
+const TOOL_DEFINITIONS = [
+    {
+        name: "memwal_remember",
+        description: "Save a fact to the user's MemWal personal memory. Call ONLY when the user explicitly asks to remember/save something. Pass the full, detailed text — never summarize.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                text: { type: "string", minLength: 1 },
+                namespace: { type: "string" },
+            },
+            required: ["text"],
+            additionalProperties: false,
+        },
+    },
+    {
+        name: "memwal_recall",
+        description: "Search the user's MemWal memory for facts relevant to a query. Returns matching memories ranked by relevance.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                query: { type: "string", minLength: 1 },
+                limit: { type: "integer", minimum: 1, maximum: 100, default: 10 },
+                namespace: { type: "string" },
+            },
+            required: ["query"],
+            additionalProperties: false,
+        },
+    },
+    {
+        name: "memwal_analyze",
+        description: "Extract memorable facts from a passage of text (preferences, habits, biographical info, constraints) and save each as a separate MemWal memory.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                text: { type: "string", minLength: 1 },
+                namespace: { type: "string" },
+            },
+            required: ["text"],
+            additionalProperties: false,
+        },
+    },
+    {
+        name: "memwal_restore",
+        description: "Re-index a namespace from Walrus blobs back into the relayer's search index. Returns counts only.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                namespace: { type: "string", minLength: 1 },
+                limit: { type: "integer", minimum: 1, maximum: 500, default: 50 },
+            },
+            required: ["namespace"],
+            additionalProperties: false,
+        },
+    },
+];
+const LOGIN_INSTRUCTION = [
+    "❌ MemWal isn't signed in yet.",
+    "",
+    "To connect this MCP client to your MemWal memory, run **once** in a terminal:",
+    "",
+    "    npx -y @mysten-incubation/memwal-mcp login",
+    "",
+    "(or `npx -y @mysten-incubation/memwal-mcp login --local` / `--dev` to point at a non-prod env)",
+    "",
+    "A browser tab will open — click **Connect Sui Wallet** and approve the on-chain ",
+    "`add_delegate_key` transaction. The flow takes about 30 seconds.",
+    "",
+    "After login completes, restart this MCP client so it picks up the new credentials ",
+    "at `~/.memwal/credentials.json`. You won't need to do this again unless you revoke ",
+    "the delegate key from the dashboard.",
+].join("\n");
+function writeStdoutMessage(msg) {
+    process.stdout.write(JSON.stringify(msg) + "\n");
+}
+function readStdinLines(onLine) {
+    return new Promise((resolve) => {
+        let buf = "";
+        process.stdin.setEncoding("utf8");
+        process.stdin.on("data", (chunk) => {
+            buf += chunk;
+            let nl;
+            while ((nl = buf.indexOf("\n")) >= 0) {
+                const line = buf.slice(0, nl).replace(/\r$/, "");
+                buf = buf.slice(nl + 1);
+                if (line.length > 0)
+                    onLine(line);
+            }
+        });
+        process.stdin.on("end", () => resolve());
+        process.stdin.on("close", () => resolve());
+    });
+}
+/**
+ * Run the auth-required stdio MCP server. Returns when stdin closes.
+ */
+export async function runAuthRequiredServer() {
+    log.info("auth_required_server.started", {});
+    await readStdinLines((line) => {
+        let req;
+        try {
+            req = JSON.parse(line);
+        }
+        catch {
+            return;
+        }
+        // Notifications don't need a response.
+        if (req.id == null && typeof req.method === "string") {
+            return;
+        }
+        const id = req.id ?? null;
+        const method = req.method;
+        if (method === "initialize") {
+            writeStdoutMessage({
+                jsonrpc: "2.0",
+                id,
+                result: {
+                    protocolVersion: "2024-11-05",
+                    capabilities: { tools: { listChanged: false } },
+                    serverInfo: { name: "memwal", version: "0.0.1" },
+                },
+            });
+            return;
+        }
+        if (method === "tools/list") {
+            writeStdoutMessage({
+                jsonrpc: "2.0",
+                id,
+                result: { tools: TOOL_DEFINITIONS },
+            });
+            return;
+        }
+        if (method === "tools/call") {
+            writeStdoutMessage({
+                jsonrpc: "2.0",
+                id,
+                result: {
+                    content: [{ type: "text", text: LOGIN_INSTRUCTION }],
+                    isError: true,
+                },
+            });
+            return;
+        }
+        // Anything else — return Method not found per JSON-RPC.
+        writeStdoutMessage({
+            jsonrpc: "2.0",
+            id,
+            error: {
+                code: -32601,
+                message: `Method not found: ${method ?? "(missing)"}`,
+            },
+        });
+    });
+    log.info("auth_required_server.closed", {});
+}
+//# sourceMappingURL=auth-required.js.map

package/dist/auth-required.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-required.js","sourceRoot":"","sources":["../src/auth-required.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AACH,OAAO,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AAWlC,MAAM,gBAAgB,GAAG;IACrB;QACI,IAAI,EAAE,iBAAiB;QACvB,WAAW,EACP,uKAAuK;QAC3K,WAAW,EAAE;YACT,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACR,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE;gBACtC,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;aAChC;YACD,QAAQ,EAAE,CAAC,MAAM,CAAC;YAClB,oBAAoB,EAAE,KAAK;SAC9B;KACJ;IACD;QACI,IAAI,EAAE,eAAe;QACrB,WAAW,EACP,+GAA+G;QACnH,WAAW,EAAE;YACT,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACR,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE;gBACvC,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,EAAE;gBACjE,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;aAChC;YACD,QAAQ,EAAE,CAAC,OAAO,CAAC;YACnB,oBAAoB,EAAE,KAAK;SAC9B;KACJ;IACD;QACI,IAAI,EAAE,gBAAgB;QACtB,WAAW,EACP,iJAAiJ;QACrJ,WAAW,EAAE;YACT,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACR,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE;gBACtC,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;aAChC;YACD,QAAQ,EAAE,CAAC,MAAM,CAAC;YAClB,oBAAoB,EAAE,KAAK;SAC9B;KACJ;IACD;QACI,IAAI,EAAE,gBAAgB;QACtB,WAAW,EACP,mGAAmG;QACvG,WAAW,EAAE;YACT,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACR,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE;gBAC3C,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,EAAE;aACpE;YACD,QAAQ,EAAE,CAAC,WAAW,CAAC;YACvB,oBAAoB,EAAE,KAAK;SAC9B;KACJ;CACJ,CAAC;AAEF,MAAM,iBAAiB,GAAG;IACtB,+BAA+B;IAC/B,EAAE;IACF,+EAA+E;IAC/E,EAAE;IACF,gDAAgD;IAChD,EAAE;IACF,gGAAgG;IAChG,EAAE;IACF,kFAAkF;IAClF,kEAAkE;IAClE,EAAE;IACF,oFAAoF;IACpF,qFAAqF;IACrF,sCAAsC;CACzC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb,SAAS,kBAAkB,CAAC,GAAe;IACvC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,cAAc,CAAC,MAA8B;IAClD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC3B,IAAI,GAAG,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAClC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACvC,GAAG,IAAI,KAAK,CAAC;YACb,IAAI,EAAU,CAAC;YACf,OAAO,CAAC,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;gBACnC,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;gBACjD,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;gBACxB,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC;oBAAE,MAAM,CAAC,IAAI,CAAC,CAAC;YACtC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;QACzC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;AACP,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACvC,GAAG,CAAC,IAAI,CAAC,8BAA8B,EAAE,EAAE,CAAC,CAAC;IAE7C,MAAM,cAAc,CAAC,CAAC,IAAI,EAAE,EAAE;QAC1B,IAAI,GAAe,CAAC;QACpB,IAAI,CAAC;YACD,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAe,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACL,OAAO;QACX,CAAC;QAED,uCAAuC;QACvC,IAAI,GAAG,CAAC,EAAE,IAAI,IAAI,IAAI,OAAO,GAAG,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACnD,OAAO;QACX,CAAC;QAED,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,IAAI,IAAI,CAAC;QAC1B,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;QAE1B,IAAI,MAAM,KAAK,YAAY,EAAE,CAAC;YAC1B,kBAAkB,CAAC;gBACf,OAAO,EAAE,KAAK;gBACd,EAAE;gBACF,MAAM,EAAE;oBACJ,eAAe,EAAE,YAAY;oBAC7B,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,EAAE;oBAC/C,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE;iBACnD;aACJ,CAAC,CAAC;YACH,OAAO;QACX,CAAC;QAED,IAAI,MAAM,KAAK,YAAY,EAAE,CAAC;YAC1B,kBAAkB,CAAC;gBACf,OAAO,EAAE,KAAK;gBACd,EAAE;gBACF,MAAM,EAAE,EAAE,KAAK,EAAE,gBAAgB,EAAE;aACtC,CAAC,CAAC;YACH,OAAO;QACX,CAAC;QAED,IAAI,MAAM,KAAK,YAAY,EAAE,CAAC;YAC1B,kBAAkB,CAAC;gBACf,OAAO,EAAE,KAAK;gBACd,EAAE;gBACF,MAAM,EAAE;oBACJ,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAC;oBACpD,OAAO,EAAE,IAAI;iBAChB;aACJ,CAAC,CAAC;YACH,OAAO;QACX,CAAC;QAED,wDAAwD;QACxD,kBAAkB,CAAC;YACf,OAAO,EAAE,KAAK;YACd,EAAE;YACF,KAAK,EAAE;gBACH,IAAI,EAAE,CAAC,KAAK;gBACZ,OAAO,EAAE,qBAAqB,MAAM,IAAI,WAAW,EAAE;aACxD;SACJ,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CAAC,6BAA6B,EAAE,EAAE,CAAC,CAAC;AAChD,CAAC"}

package/dist/auth.d.ts

@@ -0,0 +1,30 @@
+export interface MemWalCredentials {
+    /** 64-hex Ed25519 private key seed (32 bytes). NEVER log this. */
+    delegatePrivateKey: string;
+    /** 64-hex Ed25519 public key derived from the seed. Safe to display. */
+    delegatePublicKeyHex: string;
+    /** 0x-prefixed 64-hex Sui address derived from the delegate public key. */
+    delegateAddress: string;
+    /** 0x-prefixed Sui wallet address that signed the add_delegate_key tx. */
+    walletAddress: string;
+    /** 0x-prefixed MemWalAccount object id this delegate is registered against. */
+    accountId: string;
+    /** 0x-prefixed MemWal package id the account lives in. */
+    packageId: string;
+    /** Relayer base URL the bridge should connect to. */
+    relayerUrl: string;
+    /** Human-readable label, e.g. "Cursor MCP" — surfaced in dashboard. */
+    label?: string;
+    /** ISO timestamp credentials were saved. */
+    createdAt: string;
+    /** Schema version — bump when we change shape. */
+    version: 1;
+}
+export declare function credsPath(): string;
+/** Load credentials from disk. Returns null if missing or malformed. */
+export declare function loadCreds(): MemWalCredentials | null;
+/** Write credentials with secure (`0600`) permission. */
+export declare function saveCreds(creds: MemWalCredentials): void;
+/** Delete credentials. No-op if the file does not exist. */
+export declare function clearCreds(): void;
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAeA,MAAM,WAAW,iBAAiB;IAC9B,kEAAkE;IAClE,kBAAkB,EAAE,MAAM,CAAC;IAC3B,wEAAwE;IACxE,oBAAoB,EAAE,MAAM,CAAC;IAC7B,2EAA2E;IAC3E,eAAe,EAAE,MAAM,CAAC;IACxB,0EAA0E;IAC1E,aAAa,EAAE,MAAM,CAAC;IACtB,+EAA+E;IAC/E,SAAS,EAAE,MAAM,CAAC;IAClB,0DAA0D;IAC1D,SAAS,EAAE,MAAM,CAAC;IAClB,qDAAqD;IACrD,UAAU,EAAE,MAAM,CAAC;IACnB,uEAAuE;IACvE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,4CAA4C;IAC5C,SAAS,EAAE,MAAM,CAAC;IAClB,kDAAkD;IAClD,OAAO,EAAE,CAAC,CAAC;CACd;AAKD,wBAAgB,SAAS,IAAI,MAAM,CAElC;AAED,wEAAwE;AACxE,wBAAgB,SAAS,IAAI,iBAAiB,GAAG,IAAI,CAUpD;AAED,yDAAyD;AACzD,wBAAgB,SAAS,CAAC,KAAK,EAAE,iBAAiB,GAAG,IAAI,CAUxD;AAED,4DAA4D;AAC5D,wBAAgB,UAAU,IAAI,IAAI,CAQjC"}

package/dist/auth.js

@@ -0,0 +1,75 @@
+/**
+ * Credentials persistence — `~/.memwal/credentials.json`.
+ *
+ * The file is created with mode `0600` so it's only readable by the owning
+ * user; the delegate private key inside is sensitive (compromise lets an
+ * attacker write/read the user's memories until revoked from the
+ * dashboard).
+ *
+ * Format mirrors Walcraft's `credentials.json` so existing tooling +
+ * documentation patterns transfer cleanly.
+ */
+import { homedir } from "node:os";
+import { join, dirname } from "node:path";
+import { mkdirSync, readFileSync, writeFileSync, chmodSync, unlinkSync, existsSync } from "node:fs";
+const CREDS_DIR = join(homedir(), ".memwal");
+const CREDS_PATH = join(CREDS_DIR, "credentials.json");
+export function credsPath() {
+    return CREDS_PATH;
+}
+/** Load credentials from disk. Returns null if missing or malformed. */
+export function loadCreds() {
+    if (!existsSync(CREDS_PATH))
+        return null;
+    try {
+        const raw = readFileSync(CREDS_PATH, "utf8");
+        const parsed = JSON.parse(raw);
+        if (!isValid(parsed))
+            return null;
+        return parsed;
+    }
+    catch {
+        return null;
+    }
+}
+/** Write credentials with secure (`0600`) permission. */
+export function saveCreds(creds) {
+    mkdirSync(dirname(CREDS_PATH), { recursive: true, mode: 0o700 });
+    writeFileSync(CREDS_PATH, JSON.stringify(creds, null, 2), { encoding: "utf8", mode: 0o600 });
+    // writeFileSync's `mode` argument is only honored on file creation; ensure
+    // the permission on an existing file matches.
+    try {
+        chmodSync(CREDS_PATH, 0o600);
+    }
+    catch {
+        /* Windows etc. — best effort */
+    }
+}
+/** Delete credentials. No-op if the file does not exist. */
+export function clearCreds() {
+    if (existsSync(CREDS_PATH)) {
+        try {
+            unlinkSync(CREDS_PATH);
+        }
+        catch {
+            /* swallow */
+        }
+    }
+}
+function isValid(obj) {
+    if (!obj || typeof obj !== "object")
+        return false;
+    const c = obj;
+    return (typeof c.delegatePrivateKey === "string" &&
+        /^[0-9a-fA-F]{64}$/.test(c.delegatePrivateKey) &&
+        typeof c.delegatePublicKeyHex === "string" &&
+        typeof c.delegateAddress === "string" &&
+        typeof c.walletAddress === "string" &&
+        typeof c.accountId === "string" &&
+        /^0x[0-9a-fA-F]{64}$/.test(c.accountId) &&
+        typeof c.packageId === "string" &&
+        typeof c.relayerUrl === "string" &&
+        typeof c.createdAt === "string" &&
+        c.version === 1);
+}
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAyBpG,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,CAAC,CAAC;AAC7C,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;AAEvD,MAAM,UAAU,SAAS;IACrB,OAAO,UAAU,CAAC;AACtB,CAAC;AAED,wEAAwE;AACxE,MAAM,UAAU,SAAS;IACrB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IACzC,IAAI,CAAC;QACD,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;YAAE,OAAO,IAAI,CAAC;QAClC,OAAO,MAA2B,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,IAAI,CAAC;IAChB,CAAC;AACL,CAAC;AAED,yDAAyD;AACzD,MAAM,UAAU,SAAS,CAAC,KAAwB;IAC9C,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACjE,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC7F,2EAA2E;IAC3E,8CAA8C;IAC9C,IAAI,CAAC;QACD,SAAS,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACL,gCAAgC;IACpC,CAAC;AACL,CAAC;AAED,4DAA4D;AAC5D,MAAM,UAAU,UAAU;IACtB,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QACzB,IAAI,CAAC;YACD,UAAU,CAAC,UAAU,CAAC,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACL,aAAa;QACjB,CAAC;IACL,CAAC;AACL,CAAC;AAED,SAAS,OAAO,CAAC,GAAY;IACzB,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAClD,MAAM,CAAC,GAAG,GAA8B,CAAC;IACzC,OAAO,CACH,OAAO,CAAC,CAAC,kBAAkB,KAAK,QAAQ;QACxC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,kBAAkB,CAAC;QAC9C,OAAO,CAAC,CAAC,oBAAoB,KAAK,QAAQ;QAC1C,OAAO,CAAC,CAAC,eAAe,KAAK,QAAQ;QACrC,OAAO,CAAC,CAAC,aAAa,KAAK,QAAQ;QACnC,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ;QAC/B,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;QACvC,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ;QAC/B,OAAO,CAAC,CAAC,UAAU,KAAK,QAAQ;QAChC,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ;QAC/B,CAAC,CAAC,OAAO,KAAK,CAAC,CAClB,CAAC;AACN,CAAC"}

package/dist/bin/memwal-mcp.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=memwal-mcp.d.ts.map

package/dist/bin/memwal-mcp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memwal-mcp.d.ts","sourceRoot":"","sources":["../../src/bin/memwal-mcp.ts"],"names":[],"mappings":""}

package/dist/bin/memwal-mcp.js

@@ -0,0 +1,10 @@
+#!/usr/bin/env node
+import { main } from "../index.js";
+main().catch((err) => {
+    process.stderr.write(`[memwal-mcp] fatal: ${err?.message ?? String(err)}\n`);
+    if (err?.stack && process.env.MEMWAL_MCP_DEBUG) {
+        process.stderr.write(err.stack + "\n");
+    }
+    process.exit(1);
+});
+//# sourceMappingURL=memwal-mcp.js.map

package/dist/bin/memwal-mcp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"memwal-mcp.js","sourceRoot":"","sources":["../../src/bin/memwal-mcp.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AAEnC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACjB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,GAAG,EAAE,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC7E,IAAI,GAAG,EAAE,KAAK,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC,CAAC,CAAC"}

package/dist/bridge.d.ts

@@ -0,0 +1,28 @@
+/**
+ * stdio ↔ remote-SSE bridge.
+ *
+ * The MCP client (Cursor, Claude Desktop, etc.) speaks **stdio** MCP — JSON
+ * lines on stdin, JSON lines on stdout. The MemWal relayer speaks **remote
+ * SSE** MCP at `/api/mcp/sse` + `/api/mcp/messages`. This module glues the
+ * two together so the user only adds a `command + args` entry to their MCP
+ * client config (no headers, no URL).
+ *
+ * On 401 from the relayer, we surface a clear error to the MCP client but
+ * leave the local credentials file untouched. A naive `clearCreds()` here
+ * was a creds-wipe DoS: anyone able to coerce a 401 response (transient WAF
+ * rule, future http_proxy MITM, local malware racing the relayer port on
+ * `--local`) would have wiped the user's saved seed without consent.
+ * Re-auth requires an explicit `memwal-mcp login` from the user.
+ */
+import type { MemWalCredentials } from "./auth.js";
+/**
+ * Open the SSE bridge and forward stdio ↔ relayer until stdin closes.
+ *
+ * On SSE drop (idle timeout in the Rust proxy / undici keep-alive / network
+ * blip), we transparently reopen the stream — the relayer issues a fresh
+ * sessionId, we route subsequent POSTs there. stdin stays open the whole
+ * time, so the MCP client (Cursor / Claude Desktop / etc.) never sees the
+ * reconnection.
+ */
+export declare function runBridge(creds: MemWalCredentials): Promise<void>;
+//# sourceMappingURL=bridge.d.ts.map

package/dist/bridge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bridge.d.ts","sourceRoot":"","sources":["../src/bridge.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AACH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAmOnD;;;;;;;;GAQG;AACH,wBAAsB,SAAS,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAqIvE"}