npm - @neurynae/toolcairn-mcp - Versions diffs - 0.10.12 → 0.10.13 - Mend

@neurynae/toolcairn-mcp 0.10.12 → 0.10.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -336,8 +336,8 @@ var require_logger = __commonJS({
       return mod && mod.__esModule ? mod : { "default": mod };
     };
     Object.defineProperty(exports, "__esModule", { value: true });
-    exports.createMcpLogger = createMcpLogger27;
-    exports.createLogger = createMcpLogger27;
+    exports.createMcpLogger = createMcpLogger28;
+    exports.createLogger = createMcpLogger28;
     var node_os_1 = __require("os");
     var node_path_1 = __require("path");
     var pino_1 = __importDefault(__require("pino"));
@@ -361,7 +361,7 @@ var require_logger = __commonJS({
       "*.apiKey",
       "*.api_key"
     ];
-    function createMcpLogger27(opts) {
+    function createMcpLogger28(opts) {
       const level = opts.level ?? process.env.LOG_LEVEL ?? (process.env.NODE_ENV !== "production" ? "debug" : "info");
       const pinoOpts = {
         name: opts.name,
@@ -407,14 +407,14 @@ var require_mcp_error_wrapper = __commonJS({
     exports.withErrorHandling = withErrorHandling2;
     var error_codes_js_1 = require_error_codes();
     var errors_js_1 = require_errors();
-    function withErrorHandling2(toolName, logger27, handler) {
+    function withErrorHandling2(toolName, logger28, handler) {
       return async (args) => {
         try {
           return await handler(args);
         } catch (err) {
           if (err instanceof errors_js_1.AppError) {
             const logLevel = err.severity === "critical" || err.severity === "high" ? "error" : "warn";
-            logger27[logLevel]({ err, tool: toolName }, `Tool ${toolName} failed: ${err.message}`);
+            logger28[logLevel]({ err, tool: toolName }, `Tool ${toolName} failed: ${err.message}`);
             return {
               content: [
                 {
@@ -429,7 +429,7 @@ var require_mcp_error_wrapper = __commonJS({
               isError: true
             };
           }
-          logger27.error({ err, tool: toolName }, `Unexpected error in tool ${toolName}`);
+          logger28.error({ err, tool: toolName }, `Unexpected error in tool ${toolName}`);
           return {
             content: [
               {
@@ -512,7 +512,7 @@ var require_dist2 = __commonJS({
 // src/index.prod.ts
 init_esm_shims();
 var import_config5 = __toESM(require_dist(), 1);
-var import_errors28 = __toESM(require_dist2(), 1);
+var import_errors29 = __toESM(require_dist2(), 1);
 import { McpServer as McpServer2 } from "@modelcontextprotocol/sdk/server/mcp.js";
 // ../../packages/remote/dist/index.js
@@ -939,7 +939,7 @@ async function pollForToken(apiUrl, deviceCode, intervalSec) {
   }
 }
 function sleep(ms) {
-  return new Promise((resolve4) => setTimeout(resolve4, ms));
+  return new Promise((resolve5) => setTimeout(resolve5, ms));
 }
 // src/index.prod.ts
@@ -1316,10 +1316,33 @@ async function writeConfig(projectRoot, config5) {
 init_esm_shims();
 var import_errors6 = __toESM(require_dist2(), 1);
 import { appendFile, mkdir as mkdir3, readFile as readFile3, rm, writeFile as writeFile2 } from "fs/promises";
+import lockfile from "proper-lockfile";
 import writeFileAtomic2 from "write-file-atomic";
+// ../../packages/tools-local/dist/config-store/skeleton.js
+init_esm_shims();
+function emptySkeleton(name = "") {
+  return {
+    version: "1.2",
+    project: {
+      name,
+      languages: [],
+      frameworks: [],
+      subprojects: []
+    },
+    tools: {
+      confirmed: [],
+      pending_evaluation: [],
+      unknown_in_graph: []
+    },
+    last_audit_entry: null
+  };
+}
+// ../../packages/tools-local/dist/config-store/audit.js
 var logger4 = (0, import_errors6.createMcpLogger)({ name: "@toolcairn/tools:audit-log" });
-var MAX_LIVE_ENTRIES = 1e3;
-var ARCHIVE_BATCH = 500;
+var MAX_LIVE_ENTRIES = 5e3;
+var ARCHIVE_BATCH = 2500;
 async function appendAudit(projectRoot, entry) {
   await mkdir3(joinConfigDir(projectRoot), { recursive: true });
   const auditPath = joinAuditPath(projectRoot);
@@ -1338,6 +1361,49 @@ async function bulkAppendAudit(projectRoot, entries) {
   await appendFile(auditPath, payload, "utf-8");
   await rotateIfNeeded(projectRoot, auditPath);
 }
+async function appendToolCallAudit(projectRoot, entry) {
+  try {
+    await ensureLockable(projectRoot);
+  } catch (err) {
+    logger4.debug({ err, projectRoot }, "audit-log: bootstrap skipped (read-only?) \u2014 abandoning");
+    return;
+  }
+  const configPath = joinConfigPath(projectRoot);
+  let release = null;
+  try {
+    release = await lockfile.lock(configPath, {
+      stale: 1e4,
+      retries: { retries: 5, minTimeout: 50, factor: 2, maxTimeout: 500 },
+      realpath: false
+    });
+    await appendAudit(projectRoot, entry);
+  } catch (err) {
+    logger4.warn({ err, projectRoot }, "audit-log: tool-call append failed");
+  } finally {
+    if (release) {
+      try {
+        await release();
+      } catch (err) {
+        logger4.debug({ err }, "audit-log: lock release failed (likely already stale)");
+      }
+    }
+  }
+}
+async function ensureLockable(projectRoot) {
+  await mkdir3(joinConfigDir(projectRoot), { recursive: true });
+  const configPath = joinConfigPath(projectRoot);
+  if (!await fileExists(configPath)) {
+    await writeFile2(configPath, `${JSON.stringify(emptySkeleton(), null, 2)}
+`, "utf-8");
+  }
+}
+async function readLiveAudit(projectRoot) {
+  const auditPath = joinAuditPath(projectRoot);
+  if (!await fileExists(auditPath))
+    return [];
+  const raw = await readFile3(auditPath, "utf-8");
+  return parseJsonl(raw);
+}
 async function rotateIfNeeded(projectRoot, auditPath) {
   const raw = await readFile3(auditPath, "utf-8");
   const lines = raw.split("\n").filter((l) => l.trim().length > 0);
@@ -1357,6 +1423,18 @@ async function rotateIfNeeded(projectRoot, auditPath) {
     logger4.warn({ err, auditPath, archivePath }, "Audit-log rotation failed \u2014 live file intact");
   }
 }
+function parseJsonl(raw) {
+  const out = [];
+  for (const line of raw.split("\n")) {
+    if (!line.trim())
+      continue;
+    try {
+      out.push(JSON.parse(line));
+    } catch {
+    }
+  }
+  return out;
+}
 // ../../packages/tools-local/dist/config-store/migrate.js
 init_esm_shims();
@@ -1429,35 +1507,13 @@ async function migrateToV1_2(config5, projectRoot) {
 init_esm_shims();
 var import_errors7 = __toESM(require_dist2(), 1);
 import { mkdir as mkdir4, writeFile as writeFile3 } from "fs/promises";
-import lockfile from "proper-lockfile";
-// ../../packages/tools-local/dist/config-store/skeleton.js
-init_esm_shims();
-function emptySkeleton(name = "") {
-  return {
-    version: "1.2",
-    project: {
-      name,
-      languages: [],
-      frameworks: [],
-      subprojects: []
-    },
-    tools: {
-      confirmed: [],
-      pending_evaluation: [],
-      unknown_in_graph: []
-    },
-    last_audit_entry: null
-  };
-}
-// ../../packages/tools-local/dist/config-store/mutate.js
+import lockfile2 from "proper-lockfile";
 var logger5 = (0, import_errors7.createMcpLogger)({ name: "@toolcairn/tools:config-store" });
 async function mutateConfig(projectRoot, mutator, audit) {
   const configPath = joinConfigPath(projectRoot);
   const preExisted = await fileExists(configPath);
   await ensureLockableDir(projectRoot);
-  const release = await lockfile.lock(configPath, {
+  const release = await lockfile2.lock(configPath, {
     stale: 1e4,
     retries: { retries: 5, minTimeout: 50, factor: 2, maxTimeout: 500 },
     realpath: false
@@ -4797,6 +4853,39 @@ init_esm_shims();
 var import_errors22 = __toESM(require_dist2(), 1);
 var logger20 = (0, import_errors22.createMcpLogger)({ name: "@toolcairn/tools:read-project-config" });
 var STALENESS_THRESHOLD_DAYS = 90;
+var PENDING_OUTCOME_TTL_DAYS = 7;
+var RECOMMENDATION_MCP_TOOLS = /* @__PURE__ */ new Set([
+  "search_tools",
+  "search_tools_respond",
+  "get_stack"
+]);
+function derivePendingOutcomes(entries) {
+  const cutoff = Date.now() - PENDING_OUTCOME_TTL_DAYS * 24 * 60 * 60 * 1e3;
+  const open = /* @__PURE__ */ new Map();
+  for (const e of entries) {
+    if (e.action !== "tool_call" || !e.query_id)
+      continue;
+    if (e.status === "error")
+      continue;
+    const ts = Date.parse(e.timestamp);
+    if (Number.isNaN(ts) || ts < cutoff)
+      continue;
+    if (e.mcp_tool && RECOMMENDATION_MCP_TOOLS.has(e.mcp_tool)) {
+      const queryFromMeta = typeof e.metadata?.query === "string" ? e.metadata.query : typeof e.metadata?.use_case === "string" ? e.metadata.use_case : null;
+      open.set(e.query_id, {
+        query_id: e.query_id,
+        mcp_tool: e.mcp_tool,
+        selected_at: e.timestamp,
+        age_hours: Math.round((Date.now() - ts) / (1e3 * 60 * 60)),
+        candidates: e.candidates ?? [],
+        query: queryFromMeta
+      });
+    } else if (e.mcp_tool === "report_outcome") {
+      open.delete(e.query_id);
+    }
+  }
+  return Array.from(open.values()).sort((a, b) => Date.parse(a.selected_at) - Date.parse(b.selected_at));
+}
 function daysSince(isoDate) {
   return (Date.now() - new Date(isoDate).getTime()) / (1e3 * 60 * 60 * 24);
 }
@@ -4843,6 +4932,13 @@ async function handleReadProjectConfig(args) {
     });
     const non_oss_tools = config5.tools.confirmed.filter((t) => t.source === "non_oss").map((t) => t.name);
     const unknown_tools = (config5.tools.unknown_in_graph ?? []).filter((t) => !t.suggested);
+    let pending_outcomes = [];
+    try {
+      const auditEntries = await readLiveAudit(args.project_root);
+      pending_outcomes = derivePendingOutcomes(auditEntries);
+    } catch (err) {
+      logger20.debug({ err }, "pending_outcomes derivation skipped (audit-log unreadable)");
+    }
     const toolcairn_indexed_tools = config5.tools.confirmed.filter((t) => t.source === "toolcairn" || t.source === "toolpilot").map((t) => t.name);
     const include_locations = args.include_locations === true;
     const confirmed_tools_detail = include_locations ? config5.tools.confirmed.map((t) => ({
@@ -4862,7 +4958,8 @@ async function handleReadProjectConfig(args) {
       "When recommending tools, skip any already in confirmed_tools.",
       non_oss_tools.length > 0 ? `Non-OSS tools in project (handle separately): ${non_oss_tools.join(", ")}` : "",
       staleTools.length > 0 ? `Tools that may be stale \u2014 worth re-checking: ${staleTools.map((t) => t.name).join(", ")}` : "",
-      unknown_tools.length > 0 ? `Unknown-to-graph tools awaiting submission (${unknown_tools.length}): ${unknown_tools.map((t) => t.name).join(", ")}. BEFORE answering the user, call suggest_graph_update (suggestion_type="new_tool", data.tools=<this list>) to STAGE them for admin review, then update_project_config action="mark_suggestions_sent" with the successful tool_names.` : ""
+      unknown_tools.length > 0 ? `Unknown-to-graph tools awaiting submission (${unknown_tools.length}): ${unknown_tools.map((t) => t.name).join(", ")}. BEFORE answering the user, call suggest_graph_update (suggestion_type="new_tool", data.tools=<this list>) to STAGE them for admin review, then update_project_config action="mark_suggestions_sent" with the successful tool_names.` : "",
+      pending_outcomes.length > 0 ? `Pending outcomes (${pending_outcomes.length}) \u2014 recommendations the user used but you have not yet reported on. As soon as the user uses (or replaces) one of the suggested tools, call report_outcome with the matching query_id: ${pending_outcomes.map((p) => `${p.query_id} (${p.mcp_tool}, ${p.age_hours}h ago${p.candidates.length > 0 ? `, candidates: ${p.candidates.slice(0, 3).join("/")}` : ""})`).join("; ")}.` : ""
     ].filter(Boolean);
     return okResult({
       status: "ready",
@@ -4883,6 +4980,8 @@ async function handleReadProjectConfig(args) {
       total_confirmed: confirmedToolNames.length,
       total_pending: pendingToolNames.length,
       total_unknown_undrained: unknown_tools.length,
+      pending_outcomes,
+      total_pending_outcomes: pending_outcomes.length,
       last_audit_entry: config5.last_audit_entry ?? null,
       scan_metadata: config5.scan_metadata ?? null,
       confirmed_tools_detail,
@@ -5699,17 +5798,243 @@ async function createIfAbsent(filePath, content, label) {
 // src/server.prod.ts
 init_esm_shims();
 var import_config3 = __toESM(require_dist(), 1);
-var import_errors27 = __toESM(require_dist2(), 1);
+var import_errors28 = __toESM(require_dist2(), 1);
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { z as z2 } from "zod";
+// src/middleware/audit-logger.ts
+init_esm_shims();
+var import_errors26 = __toESM(require_dist2(), 1);
+import { existsSync as existsSync2 } from "fs";
+import { dirname, isAbsolute, join as join33, resolve as resolve4 } from "path";
+var logger24 = (0, import_errors26.createMcpLogger)({ name: "@toolcairn/mcp-server:audit-logger" });
+var cwdRootCache = /* @__PURE__ */ new Map();
+var RECOMMENDATION_TOOLS = /* @__PURE__ */ new Set([
+  "search_tools",
+  "search_tools_respond",
+  "get_stack",
+  "refine_requirement"
+]);
+var SKIP_AUDIT = /* @__PURE__ */ new Set([
+  // Currently empty — but reserved if e.g. a heartbeat tool is added later.
+]);
+function withAuditLog(toolName, handler) {
+  return async (args) => {
+    const start = Date.now();
+    let result;
+    let status = "ok";
+    let thrown;
+    try {
+      result = await handler(args);
+      if (result.isError) status = "error";
+    } catch (err) {
+      status = "error";
+      thrown = err;
+    }
+    const duration_ms = Date.now() - start;
+    if (result && status === "ok" && RECOMMENDATION_TOOLS.has(toolName)) {
+      result = injectNextActionHint(result, toolName);
+    }
+    if (!SKIP_AUDIT.has(toolName)) {
+      const projectRoot = resolveProjectRoot(args);
+      if (projectRoot) {
+        const entry = buildEntry({
+          toolName,
+          args,
+          result,
+          status,
+          duration_ms
+        });
+        appendToolCallAudit(projectRoot, entry).catch((err) => {
+          logger24.debug({ err, toolName, projectRoot }, "audit-log: append failed (non-fatal)");
+        });
+      }
+    }
+    if (thrown !== void 0) throw thrown;
+    return result ?? { content: [], isError: true };
+  };
+}
+function resolveProjectRoot(args) {
+  const explicit = args.project_root;
+  if (typeof explicit === "string" && explicit.length > 0 && isAbsolute(explicit)) {
+    return explicit;
+  }
+  return findRootForCwd(process.cwd());
+}
+function findRootForCwd(cwd) {
+  const cached = cwdRootCache.get(cwd);
+  if (cached !== void 0) return cached;
+  let dir = resolve4(cwd);
+  while (true) {
+    if (existsSync2(join33(dir, ".toolcairn", "config.json"))) {
+      cwdRootCache.set(cwd, dir);
+      return dir;
+    }
+    const parent = dirname(dir);
+    if (parent === dir) {
+      cwdRootCache.set(cwd, null);
+      return null;
+    }
+    dir = parent;
+  }
+}
+function buildEntry(input) {
+  const { toolName, args, result, status, duration_ms } = input;
+  const argQueryId = typeof args.query_id === "string" ? args.query_id : void 0;
+  const data = result ? extractResultData(result) : void 0;
+  const responseQueryId = typeof data?.query_id === "string" ? data.query_id : void 0;
+  const query_id = argQueryId ?? responseQueryId;
+  const tool = pickToolLabel(toolName, args, data);
+  const outcome = pickOutcome(toolName, args);
+  const replaced_by = pickReplacedBy(toolName, args);
+  const candidates = pickCandidates(toolName, data);
+  const metadata = buildMetadata(toolName, args, data);
+  const reason = buildReason(toolName, args, status);
+  const entry = {
+    action: "tool_call",
+    tool,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    reason,
+    mcp_tool: toolName,
+    duration_ms,
+    status
+  };
+  if (query_id) entry.query_id = query_id;
+  if (outcome) entry.outcome = outcome;
+  if (replaced_by) entry.replaced_by = replaced_by;
+  if (candidates && candidates.length > 0) entry.candidates = candidates;
+  if (metadata && Object.keys(metadata).length > 0) entry.metadata = metadata;
+  return entry;
+}
+function pickToolLabel(toolName, args, data) {
+  if (toolName === "report_outcome" && typeof args.chosen_tool === "string") {
+    return args.chosen_tool;
+  }
+  if ((toolName === "check_compatibility" || toolName === "compare_tools") && typeof args.tool_a === "string" && typeof args.tool_b === "string") {
+    return `${args.tool_a}|${args.tool_b}`;
+  }
+  if (toolName === "check_issue" && typeof args.tool_name === "string") {
+    return args.tool_name;
+  }
+  if (toolName === "verify_suggestion" && Array.isArray(data?.verified)) {
+    return "__verify__";
+  }
+  if (toolName === "update_project_config" && typeof args.tool_name === "string") {
+    return args.tool_name;
+  }
+  return `__call__:${toolName}`;
+}
+function pickOutcome(toolName, args) {
+  if (toolName !== "report_outcome") return void 0;
+  const v = args.outcome;
+  if (v === "success" || v === "failure" || v === "replaced" || v === "pending") return v;
+  return void 0;
+}
+function pickReplacedBy(toolName, args) {
+  if (toolName !== "report_outcome") return void 0;
+  return typeof args.replaced_by === "string" ? args.replaced_by : void 0;
+}
+function pickCandidates(toolName, data) {
+  if (!data) return void 0;
+  if (toolName === "search_tools" || toolName === "search_tools_respond") {
+    const results = data.results;
+    if (Array.isArray(results)) {
+      const names = results.map((r) => r && typeof r === "object" ? r.name : void 0).filter((n) => typeof n === "string").slice(0, 5);
+      return names.length > 0 ? names : void 0;
+    }
+  }
+  if (toolName === "get_stack") {
+    const stack = data.stack;
+    if (Array.isArray(stack)) {
+      const names = stack.map((r) => r && typeof r === "object" ? r.name : void 0).filter((n) => typeof n === "string").slice(0, 10);
+      return names.length > 0 ? names : void 0;
+    }
+  }
+  return void 0;
+}
+function buildMetadata(toolName, args, data) {
+  const meta = {};
+  if (typeof args.query === "string") meta.query = truncate(args.query, 200);
+  if (typeof args.use_case === "string") meta.use_case = truncate(args.use_case, 200);
+  if (typeof args.action === "string") meta.config_action = args.action;
+  if (typeof args.agent === "string") meta.agent = args.agent;
+  if (data) {
+    if (typeof data.status === "string") meta.response_status = data.status;
+    if (typeof data.stage === "number") meta.stage = data.stage;
+    if (typeof data.is_two_option === "boolean") meta.is_two_option = data.is_two_option;
+    if (typeof data.compatibility_signal === "string")
+      meta.compatibility_signal = data.compatibility_signal;
+    if (typeof data.recommendation === "string") meta.recommendation = data.recommendation;
+    if (typeof data.staged === "number") meta.staged = data.staged;
+  }
+  return meta;
+}
+function buildReason(toolName, args, status) {
+  if (status === "error") return `MCP tool ${toolName} failed`;
+  if (toolName === "report_outcome" && typeof args.outcome === "string") {
+    const chosen = typeof args.chosen_tool === "string" ? args.chosen_tool : "?";
+    return `report_outcome: ${chosen} \u2192 ${args.outcome}`;
+  }
+  if (toolName === "search_tools" && typeof args.query === "string") {
+    return `search_tools: ${truncate(args.query, 120)}`;
+  }
+  if (toolName === "get_stack" && typeof args.use_case === "string") {
+    return `get_stack: ${truncate(args.use_case, 120)}`;
+  }
+  if (toolName === "update_project_config" && typeof args.action === "string") {
+    const tn = typeof args.tool_name === "string" ? ` ${args.tool_name}` : "";
+    return `update_project_config: ${args.action}${tn}`;
+  }
+  return `MCP tool ${toolName}`;
+}
+function truncate(s, n) {
+  return s.length <= n ? s : `${s.slice(0, n - 1)}\u2026`;
+}
+function injectNextActionHint(result, toolName) {
+  try {
+    const first = result.content?.[0];
+    if (!first || first.type !== "text") return result;
+    const parsed = JSON.parse(first.text);
+    const data = parsed.data ?? void 0;
+    if (!data) return result;
+    const queryId = typeof data.query_id === "string" ? data.query_id : void 0;
+    if (!queryId) return result;
+    if (typeof data.next_action === "string" && data.next_action.length > 0) return result;
+    data.next_action = buildHint(toolName, queryId);
+    parsed.data = data;
+    return {
+      ...result,
+      content: [{ type: "text", text: JSON.stringify(parsed) }]
+    };
+  } catch {
+    return result;
+  }
+}
+function buildHint(toolName, queryId) {
+  if (toolName === "refine_requirement") {
+    return `Use the decomposition to call get_stack or search_tools (passing query_id="${queryId}"); after the user actually uses the chosen tool, call report_outcome({ query_id: "${queryId}", chosen_tool, outcome }).`;
+  }
+  return `After the user actually uses one of the suggested tools (or replaces it), call report_outcome({ query_id: "${queryId}", chosen_tool, outcome }) to close the feedback loop.`;
+}
+function extractResultData(result) {
+  try {
+    const first = result.content?.[0];
+    if (!first || first.type !== "text") return void 0;
+    const parsed = JSON.parse(first.text);
+    const data = parsed.data;
+    return data && typeof data === "object" ? data : void 0;
+  } catch {
+    return void 0;
+  }
+}
 // src/middleware/event-logger.ts
 init_esm_shims();
 var import_config2 = __toESM(require_dist(), 1);
-var import_errors26 = __toESM(require_dist2(), 1);
+var import_errors27 = __toESM(require_dist2(), 1);
 import { appendFile as appendFile2, mkdir as mkdir6 } from "fs/promises";
-import { dirname } from "path";
-var logger24 = (0, import_errors26.createMcpLogger)({ name: "@toolcairn/mcp-server:event-logger" });
+import { dirname as dirname2 } from "path";
+var logger25 = (0, import_errors27.createMcpLogger)({ name: "@toolcairn/mcp-server:event-logger" });
 function isTrackingEnabled() {
   return process.env.TOOLCAIRN_TRACKING_ENABLED !== "false";
 }
@@ -5749,11 +6074,11 @@ function extractMetadata(toolName, result) {
 }
 async function writeToFile(eventsPath, event) {
   try {
-    await mkdir6(dirname(eventsPath), { recursive: true });
+    await mkdir6(dirname2(eventsPath), { recursive: true });
     await appendFile2(eventsPath, `${JSON.stringify(event)}
 `, "utf-8");
   } catch (e) {
-    logger24.warn({ err: e, path: eventsPath }, "Failed to write event to JSONL file");
+    logger25.warn({ err: e, path: eventsPath }, "Failed to write event to JSONL file");
   }
 }
 async function sendToApi(event) {
@@ -5775,7 +6100,7 @@ async function sendToApi(event) {
       })
     });
   } catch (e) {
-    logger24.debug({ err: e }, "Failed to send event to API \u2014 non-fatal");
+    logger25.debug({ err: e }, "Failed to send event to API \u2014 non-fatal");
   }
 }
 function withEventLogging(toolName, handler) {
@@ -5816,7 +6141,7 @@ function withEventLogging(toolName, handler) {
 }
 // src/server.prod.ts
-var logger25 = (0, import_errors27.createMcpLogger)({ name: "@toolcairn/mcp-server:prod" });
+var logger26 = (0, import_errors28.createMcpLogger)({ name: "@toolcairn/mcp-server:prod" });
 var SETUP_INSTRUCTIONS = `
 # ToolCairn \u2014 Agent Setup Instructions
@@ -5900,9 +6225,12 @@ async function addToolsToServer(server) {
     apiKey: creds.client_id,
     accessToken: creds.access_token
   });
-  logger25.info({ user: creds.user_email }, "Registering production tools");
+  logger26.info({ user: creds.user_email }, "Registering production tools");
   function wrap(toolName, fn) {
-    return withEventLogging(toolName, (0, import_errors27.withErrorHandling)(toolName, logger25, fn));
+    return withEventLogging(
+      toolName,
+      withAuditLog(toolName, (0, import_errors28.withErrorHandling)(toolName, logger26, fn))
+    );
   }
   server.registerTool(
     "classify_prompt",
@@ -6040,7 +6368,8 @@ async function addToolsToServer(server) {
         )
       })
     },
-    async ({ action }) => {
+    wrap("toolcairn_auth", async (rawArgs) => {
+      const action = rawArgs.action;
       if (action === "status") {
         const c = await loadCredentials();
         const isAuth = c !== null && isTokenValid(c);
@@ -6075,7 +6404,7 @@ async function addToolsToServer(server) {
       try {
         const user = await startDeviceAuth(import_config3.config.TOOLPILOT_API_URL);
         const initSummary = await runPostAuthInit({ agent: "claude" }).catch((err) => {
-          logger25.warn({ err }, "runPostAuthInit failed post-login \u2014 auth still succeeds");
+          logger26.warn({ err }, "runPostAuthInit failed post-login \u2014 auth still succeeds");
           return null;
         });
         return {
@@ -6102,7 +6431,7 @@ async function addToolsToServer(server) {
           isError: true
         };
       }
-    }
+    })
   );
 }
 async function buildProdServer() {
@@ -6130,14 +6459,14 @@ function createTransport() {
 // src/index.prod.ts
 process.env.TOOLPILOT_MODE = "production";
-var logger26 = (0, import_errors28.createMcpLogger)({ name: "@toolcairn/mcp-server" });
+var logger27 = (0, import_errors29.createMcpLogger)({ name: "@toolcairn/mcp-server" });
 async function main() {
   await ensureProjectSetup();
   const creds = await loadCredentials();
   const authenticated = creds !== null && isTokenValid(creds);
   let server;
   if (authenticated) {
-    logger26.info({ user: creds.user_email }, "Authenticated \u2014 starting full server");
+    logger27.info({ user: creds.user_email }, "Authenticated \u2014 starting full server");
     server = await buildProdServer();
   } else {
     let verificationUri = "https://toolcairn.neurynae.com/signup";
@@ -6147,15 +6476,15 @@ async function main() {
       if (pending) {
         verificationUri = pending.verification_uri;
         userCode = pending.user_code;
-        logger26.info({ userCode }, "Resuming pending sign-in");
+        logger27.info({ userCode }, "Resuming pending sign-in");
       } else {
         const codeData = await requestDeviceCode(import_config5.config.TOOLPILOT_API_URL);
         verificationUri = codeData.verification_uri;
         userCode = codeData.user_code;
-        logger26.info({ userCode }, "New sign-in started");
+        logger27.info({ userCode }, "New sign-in started");
       }
     } catch (err) {
-      logger26.error({ err }, "Could not reach ToolCairn API \u2014 check your connection");
+      logger27.error({ err }, "Could not reach ToolCairn API \u2014 check your connection");
     }
     const instructions = userCode ? `# ToolCairn \u2014 Sign In Required
@@ -6189,17 +6518,17 @@ After sign-in the server will automatically provision .toolcairn/config.json for
       })
     );
     startDeviceAuth(import_config5.config.TOOLPILOT_API_URL).then(async () => {
-      logger26.info("Sign-in complete \u2014 adding all tools to running server");
+      logger27.info("Sign-in complete \u2014 adding all tools to running server");
       try {
         await addToolsToServer(server);
-        logger26.info("All ToolCairn tools now available");
+        logger27.info("All ToolCairn tools now available");
       } catch (err) {
-        logger26.error({ err }, "Failed to add tools after sign-in \u2014 please reconnect");
+        logger27.error({ err }, "Failed to add tools after sign-in \u2014 please reconnect");
         return;
       }
       try {
         const summary = await runPostAuthInit({ agent: "claude" });
-        logger26.info(
+        logger27.info(
           {
             roots: summary.roots_discovered.length,
             provisioned: summary.projects.length,
@@ -6208,18 +6537,18 @@ After sign-in the server will automatically provision .toolcairn/config.json for
           "Post-sign-in auto-init complete"
         );
       } catch (err) {
-        logger26.warn({ err }, "Post-sign-in auto-init failed \u2014 call toolcairn_init manually");
+        logger27.warn({ err }, "Post-sign-in auto-init failed \u2014 call toolcairn_init manually");
       }
     }).catch((err) => {
-      logger26.error({ err }, "Sign-in failed \u2014 please try again");
+      logger27.error({ err }, "Sign-in failed \u2014 please try again");
     });
   }
   const transport = createTransport();
   await server.connect(transport);
-  logger26.info(authenticated ? "ToolCairn MCP ready" : "ToolCairn MCP ready (awaiting sign-in)");
+  logger27.info(authenticated ? "ToolCairn MCP ready" : "ToolCairn MCP ready (awaiting sign-in)");
   if (authenticated) {
     void runPostAuthInit({ agent: "claude" }).then((summary) => {
-      logger26.info(
+      logger27.info(
         {
           roots: summary.roots_discovered.length,
           provisioned: summary.projects.length,
@@ -6228,12 +6557,12 @@ After sign-in the server will automatically provision .toolcairn/config.json for
         "Background auto-refresh complete"
       );
     }).catch((err) => {
-      logger26.warn({ err }, "Background auto-refresh failed \u2014 config left as-is");
+      logger27.warn({ err }, "Background auto-refresh failed \u2014 config left as-is");
     });
   }
 }
 main().catch((error) => {
-  (0, import_errors28.createMcpLogger)({ name: "@toolcairn/mcp-server" }).error(
+  (0, import_errors29.createMcpLogger)({ name: "@toolcairn/mcp-server" }).error(
     { err: error },
     "Failed to start MCP server"
   );