@neurynae/toolcairn-mcp 0.10.12 → 0.10.14

package/dist/index.js

@@ -336,8 +336,8 @@ var require_logger = __commonJS({
       return mod && mod.__esModule ? mod : { "default": mod };
     };
     Object.defineProperty(exports, "__esModule", { value: true });
-    exports.createMcpLogger = createMcpLogger27;
-    exports.createLogger = createMcpLogger27;
+    exports.createMcpLogger = createMcpLogger28;
+    exports.createLogger = createMcpLogger28;
     var node_os_1 = __require("os");
     var node_path_1 = __require("path");
     var pino_1 = __importDefault(__require("pino"));
@@ -361,7 +361,7 @@ var require_logger = __commonJS({
       "*.apiKey",
       "*.api_key"
     ];
-    function createMcpLogger27(opts) {
+    function createMcpLogger28(opts) {
       const level = opts.level ?? process.env.LOG_LEVEL ?? (process.env.NODE_ENV !== "production" ? "debug" : "info");
       const pinoOpts = {
         name: opts.name,
@@ -407,14 +407,14 @@ var require_mcp_error_wrapper = __commonJS({
     exports.withErrorHandling = withErrorHandling2;
     var error_codes_js_1 = require_error_codes();
     var errors_js_1 = require_errors();
-    function withErrorHandling2(toolName, logger27, handler) {
+    function withErrorHandling2(toolName, logger28, handler) {
       return async (args) => {
         try {
           return await handler(args);
         } catch (err) {
           if (err instanceof errors_js_1.AppError) {
             const logLevel = err.severity === "critical" || err.severity === "high" ? "error" : "warn";
-            logger27[logLevel]({ err, tool: toolName }, `Tool ${toolName} failed: ${err.message}`);
+            logger28[logLevel]({ err, tool: toolName }, `Tool ${toolName} failed: ${err.message}`);
             return {
               content: [
                 {
@@ -429,7 +429,7 @@ var require_mcp_error_wrapper = __commonJS({
               isError: true
             };
           }
-          logger27.error({ err, tool: toolName }, `Unexpected error in tool ${toolName}`);
+          logger28.error({ err, tool: toolName }, `Unexpected error in tool ${toolName}`);
           return {
             content: [
               {
@@ -512,7 +512,7 @@ var require_dist2 = __commonJS({
 // src/index.prod.ts
 init_esm_shims();
 var import_config5 = __toESM(require_dist(), 1);
-var import_errors28 = __toESM(require_dist2(), 1);
+var import_errors29 = __toESM(require_dist2(), 1);
 import { McpServer as McpServer2 } from "@modelcontextprotocol/sdk/server/mcp.js";
 
 // ../../packages/remote/dist/index.js
@@ -939,7 +939,7 @@ async function pollForToken(apiUrl, deviceCode, intervalSec) {
   }
 }
 function sleep(ms) {
-  return new Promise((resolve4) => setTimeout(resolve4, ms));
+  return new Promise((resolve5) => setTimeout(resolve5, ms));
 }
 
 // src/index.prod.ts
@@ -1316,10 +1316,33 @@ async function writeConfig(projectRoot, config5) {
 init_esm_shims();
 var import_errors6 = __toESM(require_dist2(), 1);
 import { appendFile, mkdir as mkdir3, readFile as readFile3, rm, writeFile as writeFile2 } from "fs/promises";
+import lockfile from "proper-lockfile";
 import writeFileAtomic2 from "write-file-atomic";
+
+// ../../packages/tools-local/dist/config-store/skeleton.js
+init_esm_shims();
+function emptySkeleton(name = "") {
+  return {
+    version: "1.2",
+    project: {
+      name,
+      languages: [],
+      frameworks: [],
+      subprojects: []
+    },
+    tools: {
+      confirmed: [],
+      pending_evaluation: [],
+      unknown_in_graph: []
+    },
+    last_audit_entry: null
+  };
+}
+
+// ../../packages/tools-local/dist/config-store/audit.js
 var logger4 = (0, import_errors6.createMcpLogger)({ name: "@toolcairn/tools:audit-log" });
-var MAX_LIVE_ENTRIES = 1e3;
-var ARCHIVE_BATCH = 500;
+var MAX_LIVE_ENTRIES = 5e3;
+var ARCHIVE_BATCH = 2500;
 async function appendAudit(projectRoot, entry) {
   await mkdir3(joinConfigDir(projectRoot), { recursive: true });
   const auditPath = joinAuditPath(projectRoot);
@@ -1338,6 +1361,49 @@ async function bulkAppendAudit(projectRoot, entries) {
   await appendFile(auditPath, payload, "utf-8");
   await rotateIfNeeded(projectRoot, auditPath);
 }
+async function appendToolCallAudit(projectRoot, entry) {
+  try {
+    await ensureLockable(projectRoot);
+  } catch (err) {
+    logger4.debug({ err, projectRoot }, "audit-log: bootstrap skipped (read-only?) \u2014 abandoning");
+    return;
+  }
+  const configPath = joinConfigPath(projectRoot);
+  let release = null;
+  try {
+    release = await lockfile.lock(configPath, {
+      stale: 1e4,
+      retries: { retries: 5, minTimeout: 50, factor: 2, maxTimeout: 500 },
+      realpath: false
+    });
+    await appendAudit(projectRoot, entry);
+  } catch (err) {
+    logger4.warn({ err, projectRoot }, "audit-log: tool-call append failed");
+  } finally {
+    if (release) {
+      try {
+        await release();
+      } catch (err) {
+        logger4.debug({ err }, "audit-log: lock release failed (likely already stale)");
+      }
+    }
+  }
+}
+async function ensureLockable(projectRoot) {
+  await mkdir3(joinConfigDir(projectRoot), { recursive: true });
+  const configPath = joinConfigPath(projectRoot);
+  if (!await fileExists(configPath)) {
+    await writeFile2(configPath, `${JSON.stringify(emptySkeleton(), null, 2)}
+`, "utf-8");
+  }
+}
+async function readLiveAudit(projectRoot) {
+  const auditPath = joinAuditPath(projectRoot);
+  if (!await fileExists(auditPath))
+    return [];
+  const raw = await readFile3(auditPath, "utf-8");
+  return parseJsonl(raw);
+}
 async function rotateIfNeeded(projectRoot, auditPath) {
   const raw = await readFile3(auditPath, "utf-8");
   const lines = raw.split("\n").filter((l) => l.trim().length > 0);
@@ -1357,6 +1423,18 @@ async function rotateIfNeeded(projectRoot, auditPath) {
     logger4.warn({ err, auditPath, archivePath }, "Audit-log rotation failed \u2014 live file intact");
   }
 }
+function parseJsonl(raw) {
+  const out = [];
+  for (const line of raw.split("\n")) {
+    if (!line.trim())
+      continue;
+    try {
+      out.push(JSON.parse(line));
+    } catch {
+    }
+  }
+  return out;
+}
 
 // ../../packages/tools-local/dist/config-store/migrate.js
 init_esm_shims();
@@ -1429,35 +1507,13 @@ async function migrateToV1_2(config5, projectRoot) {
 init_esm_shims();
 var import_errors7 = __toESM(require_dist2(), 1);
 import { mkdir as mkdir4, writeFile as writeFile3 } from "fs/promises";
-import lockfile from "proper-lockfile";
-
-// ../../packages/tools-local/dist/config-store/skeleton.js
-init_esm_shims();
-function emptySkeleton(name = "") {
-  return {
-    version: "1.2",
-    project: {
-      name,
-      languages: [],
-      frameworks: [],
-      subprojects: []
-    },
-    tools: {
-      confirmed: [],
-      pending_evaluation: [],
-      unknown_in_graph: []
-    },
-    last_audit_entry: null
-  };
-}
-
-// ../../packages/tools-local/dist/config-store/mutate.js
+import lockfile2 from "proper-lockfile";
 var logger5 = (0, import_errors7.createMcpLogger)({ name: "@toolcairn/tools:config-store" });
 async function mutateConfig(projectRoot, mutator, audit) {
   const configPath = joinConfigPath(projectRoot);
   const preExisted = await fileExists(configPath);
   await ensureLockableDir(projectRoot);
-  const release = await lockfile.lock(configPath, {
+  const release = await lockfile2.lock(configPath, {
     stale: 1e4,
     retries: { retries: 5, minTimeout: 50, factor: 2, maxTimeout: 500 },
     realpath: false
@@ -4797,6 +4853,35 @@ init_esm_shims();
 var import_errors22 = __toESM(require_dist2(), 1);
 var logger20 = (0, import_errors22.createMcpLogger)({ name: "@toolcairn/tools:read-project-config" });
 var STALENESS_THRESHOLD_DAYS = 90;
+var PENDING_OUTCOME_TTL_DAYS = 7;
+var RECOMMENDATION_MCP_TOOLS = /* @__PURE__ */ new Set(["search_tools", "search_tools_respond", "get_stack"]);
+function derivePendingOutcomes(entries) {
+  const cutoff = Date.now() - PENDING_OUTCOME_TTL_DAYS * 24 * 60 * 60 * 1e3;
+  const open = /* @__PURE__ */ new Map();
+  for (const e of entries) {
+    if (e.action !== "tool_call" || !e.query_id)
+      continue;
+    if (e.status === "error")
+      continue;
+    const ts = Date.parse(e.timestamp);
+    if (Number.isNaN(ts) || ts < cutoff)
+      continue;
+    if (e.mcp_tool && RECOMMENDATION_MCP_TOOLS.has(e.mcp_tool)) {
+      const queryFromMeta = typeof e.metadata?.query === "string" ? e.metadata.query : typeof e.metadata?.use_case === "string" ? e.metadata.use_case : null;
+      open.set(e.query_id, {
+        query_id: e.query_id,
+        mcp_tool: e.mcp_tool,
+        selected_at: e.timestamp,
+        age_hours: Math.round((Date.now() - ts) / (1e3 * 60 * 60)),
+        candidates: e.candidates ?? [],
+        query: queryFromMeta
+      });
+    } else if (e.mcp_tool === "report_outcome") {
+      open.delete(e.query_id);
+    }
+  }
+  return Array.from(open.values()).sort((a, b) => Date.parse(a.selected_at) - Date.parse(b.selected_at));
+}
 function daysSince(isoDate) {
   return (Date.now() - new Date(isoDate).getTime()) / (1e3 * 60 * 60 * 24);
 }
@@ -4843,6 +4928,13 @@ async function handleReadProjectConfig(args) {
     });
     const non_oss_tools = config5.tools.confirmed.filter((t) => t.source === "non_oss").map((t) => t.name);
     const unknown_tools = (config5.tools.unknown_in_graph ?? []).filter((t) => !t.suggested);
+    let pending_outcomes = [];
+    try {
+      const auditEntries = await readLiveAudit(args.project_root);
+      pending_outcomes = derivePendingOutcomes(auditEntries);
+    } catch (err) {
+      logger20.debug({ err }, "pending_outcomes derivation skipped (audit-log unreadable)");
+    }
     const toolcairn_indexed_tools = config5.tools.confirmed.filter((t) => t.source === "toolcairn" || t.source === "toolpilot").map((t) => t.name);
     const include_locations = args.include_locations === true;
     const confirmed_tools_detail = include_locations ? config5.tools.confirmed.map((t) => ({
@@ -4862,7 +4954,8 @@ async function handleReadProjectConfig(args) {
       "When recommending tools, skip any already in confirmed_tools.",
       non_oss_tools.length > 0 ? `Non-OSS tools in project (handle separately): ${non_oss_tools.join(", ")}` : "",
       staleTools.length > 0 ? `Tools that may be stale \u2014 worth re-checking: ${staleTools.map((t) => t.name).join(", ")}` : "",
-      unknown_tools.length > 0 ? `Unknown-to-graph tools awaiting submission (${unknown_tools.length}): ${unknown_tools.map((t) => t.name).join(", ")}. BEFORE answering the user, call suggest_graph_update (suggestion_type="new_tool", data.tools=<this list>) to STAGE them for admin review, then update_project_config action="mark_suggestions_sent" with the successful tool_names.` : ""
+      unknown_tools.length > 0 ? `Unknown-to-graph tools awaiting submission (${unknown_tools.length}): ${unknown_tools.map((t) => t.name).join(", ")}. BEFORE answering the user, call suggest_graph_update (suggestion_type="new_tool", data.tools=<this list>) to STAGE them for admin review, then update_project_config action="mark_suggestions_sent" with the successful tool_names.` : "",
+      pending_outcomes.length > 0 ? `Pending outcomes (${pending_outcomes.length}) \u2014 recommendations the user used but you have not yet reported on. As soon as the user uses (or replaces) one of the suggested tools, call report_outcome with the matching query_id: ${pending_outcomes.map((p) => `${p.query_id} (${p.mcp_tool}, ${p.age_hours}h ago${p.candidates.length > 0 ? `, candidates: ${p.candidates.slice(0, 3).join("/")}` : ""})`).join("; ")}.` : ""
     ].filter(Boolean);
     return okResult({
       status: "ready",
@@ -4883,6 +4976,8 @@ async function handleReadProjectConfig(args) {
       total_confirmed: confirmedToolNames.length,
       total_pending: pendingToolNames.length,
       total_unknown_undrained: unknown_tools.length,
+      pending_outcomes,
+      total_pending_outcomes: pending_outcomes.length,
       last_audit_entry: config5.last_audit_entry ?? null,
       scan_metadata: config5.scan_metadata ?? null,
       confirmed_tools_detail,
@@ -5699,17 +5794,243 @@ async function createIfAbsent(filePath, content, label) {
 // src/server.prod.ts
 init_esm_shims();
 var import_config3 = __toESM(require_dist(), 1);
-var import_errors27 = __toESM(require_dist2(), 1);
+var import_errors28 = __toESM(require_dist2(), 1);
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { z as z2 } from "zod";
 
+// src/middleware/audit-logger.ts
+init_esm_shims();
+var import_errors26 = __toESM(require_dist2(), 1);
+import { existsSync as existsSync2 } from "fs";
+import { dirname, isAbsolute, join as join33, resolve as resolve4 } from "path";
+var logger24 = (0, import_errors26.createMcpLogger)({ name: "@toolcairn/mcp-server:audit-logger" });
+var cwdRootCache = /* @__PURE__ */ new Map();
+var RECOMMENDATION_TOOLS = /* @__PURE__ */ new Set([
+  "search_tools",
+  "search_tools_respond",
+  "get_stack",
+  "refine_requirement"
+]);
+var SKIP_AUDIT = /* @__PURE__ */ new Set([
+  // Currently empty — but reserved if e.g. a heartbeat tool is added later.
+]);
+function withAuditLog(toolName, handler) {
+  return async (args) => {
+    const start = Date.now();
+    let result;
+    let status = "ok";
+    let thrown;
+    try {
+      result = await handler(args);
+      if (result.isError) status = "error";
+    } catch (err) {
+      status = "error";
+      thrown = err;
+    }
+    const duration_ms = Date.now() - start;
+    if (result && status === "ok" && RECOMMENDATION_TOOLS.has(toolName)) {
+      result = injectNextActionHint(result, toolName);
+    }
+    if (!SKIP_AUDIT.has(toolName)) {
+      const projectRoot = resolveProjectRoot(args);
+      if (projectRoot) {
+        const entry = buildEntry({
+          toolName,
+          args,
+          result,
+          status,
+          duration_ms
+        });
+        appendToolCallAudit(projectRoot, entry).catch((err) => {
+          logger24.debug({ err, toolName, projectRoot }, "audit-log: append failed (non-fatal)");
+        });
+      }
+    }
+    if (thrown !== void 0) throw thrown;
+    return result ?? { content: [], isError: true };
+  };
+}
+function resolveProjectRoot(args) {
+  const explicit = args.project_root;
+  if (typeof explicit === "string" && explicit.length > 0 && isAbsolute(explicit)) {
+    return explicit;
+  }
+  return findRootForCwd(process.cwd());
+}
+function findRootForCwd(cwd) {
+  const cached = cwdRootCache.get(cwd);
+  if (cached !== void 0) return cached;
+  let dir = resolve4(cwd);
+  while (true) {
+    if (existsSync2(join33(dir, ".toolcairn", "config.json"))) {
+      cwdRootCache.set(cwd, dir);
+      return dir;
+    }
+    const parent = dirname(dir);
+    if (parent === dir) {
+      cwdRootCache.set(cwd, null);
+      return null;
+    }
+    dir = parent;
+  }
+}
+function buildEntry(input) {
+  const { toolName, args, result, status, duration_ms } = input;
+  const argQueryId = typeof args.query_id === "string" ? args.query_id : void 0;
+  const data = result ? extractResultData(result) : void 0;
+  const responseQueryId = typeof data?.query_id === "string" ? data.query_id : void 0;
+  const query_id = argQueryId ?? responseQueryId;
+  const tool = pickToolLabel(toolName, args, data);
+  const outcome = pickOutcome(toolName, args);
+  const replaced_by = pickReplacedBy(toolName, args);
+  const candidates = pickCandidates(toolName, data);
+  const metadata = buildMetadata(toolName, args, data);
+  const reason = buildReason(toolName, args, status);
+  const entry = {
+    action: "tool_call",
+    tool,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    reason,
+    mcp_tool: toolName,
+    duration_ms,
+    status
+  };
+  if (query_id) entry.query_id = query_id;
+  if (outcome) entry.outcome = outcome;
+  if (replaced_by) entry.replaced_by = replaced_by;
+  if (candidates && candidates.length > 0) entry.candidates = candidates;
+  if (metadata && Object.keys(metadata).length > 0) entry.metadata = metadata;
+  return entry;
+}
+function pickToolLabel(toolName, args, data) {
+  if (toolName === "report_outcome" && typeof args.chosen_tool === "string") {
+    return args.chosen_tool;
+  }
+  if ((toolName === "check_compatibility" || toolName === "compare_tools") && typeof args.tool_a === "string" && typeof args.tool_b === "string") {
+    return `${args.tool_a}|${args.tool_b}`;
+  }
+  if (toolName === "check_issue" && typeof args.tool_name === "string") {
+    return args.tool_name;
+  }
+  if (toolName === "verify_suggestion" && Array.isArray(data?.verified)) {
+    return "__verify__";
+  }
+  if (toolName === "update_project_config" && typeof args.tool_name === "string") {
+    return args.tool_name;
+  }
+  return `__call__:${toolName}`;
+}
+function pickOutcome(toolName, args) {
+  if (toolName !== "report_outcome") return void 0;
+  const v = args.outcome;
+  if (v === "success" || v === "failure" || v === "replaced" || v === "pending") return v;
+  return void 0;
+}
+function pickReplacedBy(toolName, args) {
+  if (toolName !== "report_outcome") return void 0;
+  return typeof args.replaced_by === "string" ? args.replaced_by : void 0;
+}
+function pickCandidates(toolName, data) {
+  if (!data) return void 0;
+  if (toolName === "search_tools" || toolName === "search_tools_respond") {
+    const results = data.results;
+    if (Array.isArray(results)) {
+      const names = results.map((r) => r && typeof r === "object" ? r.name : void 0).filter((n) => typeof n === "string").slice(0, 5);
+      return names.length > 0 ? names : void 0;
+    }
+  }
+  if (toolName === "get_stack") {
+    const stack = data.stack;
+    if (Array.isArray(stack)) {
+      const names = stack.map((r) => r && typeof r === "object" ? r.name : void 0).filter((n) => typeof n === "string").slice(0, 10);
+      return names.length > 0 ? names : void 0;
+    }
+  }
+  return void 0;
+}
+function buildMetadata(toolName, args, data) {
+  const meta = {};
+  if (typeof args.query === "string") meta.query = truncate(args.query, 200);
+  if (typeof args.use_case === "string") meta.use_case = truncate(args.use_case, 200);
+  if (typeof args.action === "string") meta.config_action = args.action;
+  if (typeof args.agent === "string") meta.agent = args.agent;
+  if (data) {
+    if (typeof data.status === "string") meta.response_status = data.status;
+    if (typeof data.stage === "number") meta.stage = data.stage;
+    if (typeof data.is_two_option === "boolean") meta.is_two_option = data.is_two_option;
+    if (typeof data.compatibility_signal === "string")
+      meta.compatibility_signal = data.compatibility_signal;
+    if (typeof data.recommendation === "string") meta.recommendation = data.recommendation;
+    if (typeof data.staged === "number") meta.staged = data.staged;
+  }
+  return meta;
+}
+function buildReason(toolName, args, status) {
+  if (status === "error") return `MCP tool ${toolName} failed`;
+  if (toolName === "report_outcome" && typeof args.outcome === "string") {
+    const chosen = typeof args.chosen_tool === "string" ? args.chosen_tool : "?";
+    return `report_outcome: ${chosen} \u2192 ${args.outcome}`;
+  }
+  if (toolName === "search_tools" && typeof args.query === "string") {
+    return `search_tools: ${truncate(args.query, 120)}`;
+  }
+  if (toolName === "get_stack" && typeof args.use_case === "string") {
+    return `get_stack: ${truncate(args.use_case, 120)}`;
+  }
+  if (toolName === "update_project_config" && typeof args.action === "string") {
+    const tn = typeof args.tool_name === "string" ? ` ${args.tool_name}` : "";
+    return `update_project_config: ${args.action}${tn}`;
+  }
+  return `MCP tool ${toolName}`;
+}
+function truncate(s, n) {
+  return s.length <= n ? s : `${s.slice(0, n - 1)}\u2026`;
+}
+function injectNextActionHint(result, toolName) {
+  try {
+    const first = result.content?.[0];
+    if (!first || first.type !== "text") return result;
+    const parsed = JSON.parse(first.text);
+    const data = parsed.data ?? void 0;
+    if (!data) return result;
+    const queryId = typeof data.query_id === "string" ? data.query_id : void 0;
+    if (!queryId) return result;
+    if (typeof data.next_action === "string" && data.next_action.length > 0) return result;
+    data.next_action = buildHint(toolName, queryId);
+    parsed.data = data;
+    return {
+      ...result,
+      content: [{ type: "text", text: JSON.stringify(parsed) }]
+    };
+  } catch {
+    return result;
+  }
+}
+function buildHint(toolName, queryId) {
+  if (toolName === "refine_requirement") {
+    return `Use the decomposition to call get_stack or search_tools (passing query_id="${queryId}"); after the user actually uses the chosen tool, call report_outcome({ query_id: "${queryId}", chosen_tool, outcome }).`;
+  }
+  return `After the user actually uses one of the suggested tools (or replaces it), call report_outcome({ query_id: "${queryId}", chosen_tool, outcome }) to close the feedback loop.`;
+}
+function extractResultData(result) {
+  try {
+    const first = result.content?.[0];
+    if (!first || first.type !== "text") return void 0;
+    const parsed = JSON.parse(first.text);
+    const data = parsed.data;
+    return data && typeof data === "object" ? data : void 0;
+  } catch {
+    return void 0;
+  }
+}
+
 // src/middleware/event-logger.ts
 init_esm_shims();
 var import_config2 = __toESM(require_dist(), 1);
-var import_errors26 = __toESM(require_dist2(), 1);
+var import_errors27 = __toESM(require_dist2(), 1);
 import { appendFile as appendFile2, mkdir as mkdir6 } from "fs/promises";
-import { dirname } from "path";
-var logger24 = (0, import_errors26.createMcpLogger)({ name: "@toolcairn/mcp-server:event-logger" });
+import { dirname as dirname2 } from "path";
+var logger25 = (0, import_errors27.createMcpLogger)({ name: "@toolcairn/mcp-server:event-logger" });
 function isTrackingEnabled() {
   return process.env.TOOLCAIRN_TRACKING_ENABLED !== "false";
 }
@@ -5749,11 +6070,11 @@ function extractMetadata(toolName, result) {
 }
 async function writeToFile(eventsPath, event) {
   try {
-    await mkdir6(dirname(eventsPath), { recursive: true });
+    await mkdir6(dirname2(eventsPath), { recursive: true });
     await appendFile2(eventsPath, `${JSON.stringify(event)}
 `, "utf-8");
   } catch (e) {
-    logger24.warn({ err: e, path: eventsPath }, "Failed to write event to JSONL file");
+    logger25.warn({ err: e, path: eventsPath }, "Failed to write event to JSONL file");
   }
 }
 async function sendToApi(event) {
@@ -5775,7 +6096,7 @@ async function sendToApi(event) {
       })
     });
   } catch (e) {
-    logger24.debug({ err: e }, "Failed to send event to API \u2014 non-fatal");
+    logger25.debug({ err: e }, "Failed to send event to API \u2014 non-fatal");
   }
 }
 function withEventLogging(toolName, handler) {
@@ -5816,7 +6137,7 @@ function withEventLogging(toolName, handler) {
 }
 
 // src/server.prod.ts
-var logger25 = (0, import_errors27.createMcpLogger)({ name: "@toolcairn/mcp-server:prod" });
+var logger26 = (0, import_errors28.createMcpLogger)({ name: "@toolcairn/mcp-server:prod" });
 var SETUP_INSTRUCTIONS = `
 # ToolCairn \u2014 Agent Setup Instructions
 
@@ -5900,9 +6221,12 @@ async function addToolsToServer(server) {
     apiKey: creds.client_id,
     accessToken: creds.access_token
   });
-  logger25.info({ user: creds.user_email }, "Registering production tools");
+  logger26.info({ user: creds.user_email }, "Registering production tools");
   function wrap(toolName, fn) {
-    return withEventLogging(toolName, (0, import_errors27.withErrorHandling)(toolName, logger25, fn));
+    return withEventLogging(
+      toolName,
+      withAuditLog(toolName, (0, import_errors28.withErrorHandling)(toolName, logger26, fn))
+    );
   }
   server.registerTool(
     "classify_prompt",
@@ -6040,7 +6364,8 @@ async function addToolsToServer(server) {
         )
       })
     },
-    async ({ action }) => {
+    wrap("toolcairn_auth", async (rawArgs) => {
+      const action = rawArgs.action;
       if (action === "status") {
         const c = await loadCredentials();
         const isAuth = c !== null && isTokenValid(c);
@@ -6075,7 +6400,7 @@ async function addToolsToServer(server) {
       try {
         const user = await startDeviceAuth(import_config3.config.TOOLPILOT_API_URL);
         const initSummary = await runPostAuthInit({ agent: "claude" }).catch((err) => {
-          logger25.warn({ err }, "runPostAuthInit failed post-login \u2014 auth still succeeds");
+          logger26.warn({ err }, "runPostAuthInit failed post-login \u2014 auth still succeeds");
           return null;
         });
         return {
@@ -6102,7 +6427,7 @@ async function addToolsToServer(server) {
           isError: true
         };
       }
-    }
+    })
   );
 }
 async function buildProdServer() {
@@ -6130,14 +6455,14 @@ function createTransport() {
 
 // src/index.prod.ts
 process.env.TOOLPILOT_MODE = "production";
-var logger26 = (0, import_errors28.createMcpLogger)({ name: "@toolcairn/mcp-server" });
+var logger27 = (0, import_errors29.createMcpLogger)({ name: "@toolcairn/mcp-server" });
 async function main() {
   await ensureProjectSetup();
   const creds = await loadCredentials();
   const authenticated = creds !== null && isTokenValid(creds);
   let server;
   if (authenticated) {
-    logger26.info({ user: creds.user_email }, "Authenticated \u2014 starting full server");
+    logger27.info({ user: creds.user_email }, "Authenticated \u2014 starting full server");
     server = await buildProdServer();
   } else {
     let verificationUri = "https://toolcairn.neurynae.com/signup";
@@ -6147,15 +6472,15 @@ async function main() {
       if (pending) {
         verificationUri = pending.verification_uri;
         userCode = pending.user_code;
-        logger26.info({ userCode }, "Resuming pending sign-in");
+        logger27.info({ userCode }, "Resuming pending sign-in");
       } else {
         const codeData = await requestDeviceCode(import_config5.config.TOOLPILOT_API_URL);
         verificationUri = codeData.verification_uri;
         userCode = codeData.user_code;
-        logger26.info({ userCode }, "New sign-in started");
+        logger27.info({ userCode }, "New sign-in started");
       }
     } catch (err) {
-      logger26.error({ err }, "Could not reach ToolCairn API \u2014 check your connection");
+      logger27.error({ err }, "Could not reach ToolCairn API \u2014 check your connection");
     }
     const instructions = userCode ? `# ToolCairn \u2014 Sign In Required
 
@@ -6189,17 +6514,17 @@ After sign-in the server will automatically provision .toolcairn/config.json for
       })
     );
     startDeviceAuth(import_config5.config.TOOLPILOT_API_URL).then(async () => {
-      logger26.info("Sign-in complete \u2014 adding all tools to running server");
+      logger27.info("Sign-in complete \u2014 adding all tools to running server");
       try {
         await addToolsToServer(server);
-        logger26.info("All ToolCairn tools now available");
+        logger27.info("All ToolCairn tools now available");
       } catch (err) {
-        logger26.error({ err }, "Failed to add tools after sign-in \u2014 please reconnect");
+        logger27.error({ err }, "Failed to add tools after sign-in \u2014 please reconnect");
         return;
       }
       try {
         const summary = await runPostAuthInit({ agent: "claude" });
-        logger26.info(
+        logger27.info(
           {
             roots: summary.roots_discovered.length,
             provisioned: summary.projects.length,
@@ -6208,18 +6533,18 @@ After sign-in the server will automatically provision .toolcairn/config.json for
           "Post-sign-in auto-init complete"
         );
       } catch (err) {
-        logger26.warn({ err }, "Post-sign-in auto-init failed \u2014 call toolcairn_init manually");
+        logger27.warn({ err }, "Post-sign-in auto-init failed \u2014 call toolcairn_init manually");
       }
     }).catch((err) => {
-      logger26.error({ err }, "Sign-in failed \u2014 please try again");
+      logger27.error({ err }, "Sign-in failed \u2014 please try again");
     });
   }
   const transport = createTransport();
   await server.connect(transport);
-  logger26.info(authenticated ? "ToolCairn MCP ready" : "ToolCairn MCP ready (awaiting sign-in)");
+  logger27.info(authenticated ? "ToolCairn MCP ready" : "ToolCairn MCP ready (awaiting sign-in)");
   if (authenticated) {
     void runPostAuthInit({ agent: "claude" }).then((summary) => {
-      logger26.info(
+      logger27.info(
         {
           roots: summary.roots_discovered.length,
           provisioned: summary.projects.length,
@@ -6228,15 +6553,14 @@ After sign-in the server will automatically provision .toolcairn/config.json for
         "Background auto-refresh complete"
       );
     }).catch((err) => {
-      logger26.warn({ err }, "Background auto-refresh failed \u2014 config left as-is");
+      logger27.warn({ err }, "Background auto-refresh failed \u2014 config left as-is");
     });
   }
 }
 main().catch((error) => {
-  (0, import_errors28.createMcpLogger)({ name: "@toolcairn/mcp-server" }).error(
+  (0, import_errors29.createMcpLogger)({ name: "@toolcairn/mcp-server" }).error(
     { err: error },
     "Failed to start MCP server"
   );
   process.exit(1);
 });
-//# sourceMappingURL=index.js.map