@neurynae/toolcairn-mcp 0.7.0 → 0.8.0

package/dist/index.js

@@ -184,6 +184,31 @@ import { homedir } from "os";
 import { join } from "path";
 var CREDENTIALS_DIR = join(homedir(), ".toolcairn");
 var CREDENTIALS_FILE = join(CREDENTIALS_DIR, "credentials.json");
+var PENDING_AUTH_FILE = join(CREDENTIALS_DIR, "pending-auth.json");
+async function savePendingAuth(data) {
+  await mkdir(CREDENTIALS_DIR, { recursive: true });
+  await writeFile(PENDING_AUTH_FILE, JSON.stringify(data, null, 2), "utf-8");
+}
+async function loadPendingAuth() {
+  try {
+    const raw = await readFile(PENDING_AUTH_FILE, "utf-8");
+    const data = JSON.parse(raw);
+    if (new Date(data.expires_at) < /* @__PURE__ */ new Date()) {
+      await clearPendingAuth();
+      return null;
+    }
+    return data;
+  } catch {
+    return null;
+  }
+}
+async function clearPendingAuth() {
+  try {
+    const { unlink } = await import("fs/promises");
+    await unlink(PENDING_AUTH_FILE);
+  } catch {
+  }
+}
 function isTokenValid(creds) {
   if (!creds.access_token)
     return false;
@@ -261,13 +286,7 @@ async function openBrowser(url) {
       cmd = "xdg-open";
       args = [url];
     }
-    const child = spawn(cmd, args, {
-      detached: true,
-      // detach from parent process group
-      stdio: "ignore",
-      // don't inherit parent's stdio
-      shell: false
-    });
+    const child = spawn(cmd, args, { detached: true, stdio: "ignore", shell: false });
     child.unref();
   } catch {
   }
@@ -276,21 +295,48 @@ async function requestDeviceCode(apiUrl) {
   const res = await fetch(`${apiUrl}/v1/auth/device-code`, { method: "POST" });
   if (!res.ok)
     throw new Error("Failed to start device auth. Check your internet connection.");
-  return await res.json();
+  const data = await res.json();
+  await savePendingAuth({
+    device_code: data.device_code,
+    user_code: data.user_code,
+    verification_uri: data.verification_uri,
+    expires_at: new Date(Date.now() + data.expires_in * 1e3).toISOString(),
+    api_url: apiUrl
+  });
+  return data;
 }
 async function startDeviceAuth(apiUrl) {
-  const codeData = await requestDeviceCode(apiUrl);
-  process.stderr.write("\n\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n");
-  process.stderr.write("  ToolCairn \u2014 Sign In Required\n");
-  process.stderr.write("\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n");
-  process.stderr.write("\n  Opening browser for authentication...\n\n");
-  process.stderr.write(`  URL:  ${codeData.verification_uri}
+  const pending = await loadPendingAuth();
+  let codeData;
+  if (pending && pending.api_url === apiUrl) {
+    codeData = {
+      device_code: pending.device_code,
+      user_code: pending.user_code,
+      verification_uri: pending.verification_uri,
+      expires_in: Math.floor((new Date(pending.expires_at).getTime() - Date.now()) / 1e3),
+      interval: 5
+    };
+    process.stderr.write("\n  ToolCairn: Waiting for sign-in confirmation...\n");
+    process.stderr.write(`  URL:  ${codeData.verification_uri}
+`);
+    process.stderr.write(`  Code: ${codeData.user_code}
+
+`);
+  } else {
+    codeData = await requestDeviceCode(apiUrl);
+    process.stderr.write("\n\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n");
+    process.stderr.write("  ToolCairn \u2014 Sign In Required\n");
+    process.stderr.write("\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n");
+    process.stderr.write("\n  Opening browser for authentication...\n\n");
+    process.stderr.write(`  URL:  ${codeData.verification_uri}
 `);
-  process.stderr.write(`  Code: ${codeData.user_code}
+    process.stderr.write(`  Code: ${codeData.user_code}
 `);
-  process.stderr.write("\n  Waiting... (browser should open automatically)\n\n");
-  await openBrowser(codeData.verification_uri);
-  const result = await pollForToken(apiUrl, codeData.device_code, codeData.interval);
+    process.stderr.write("\n  Waiting... (browser should open automatically)\n\n");
+    await openBrowser(codeData.verification_uri);
+  }
+  const result = await pollForToken(apiUrl, codeData.device_code, 5);
+  await clearPendingAuth();
   await upgradeToAuthenticated(result.access_token, result.api_key, result.user);
   process.stderr.write(`
   \u2713 Signed in as ${result.user.email}
@@ -314,8 +360,10 @@ async function pollForToken(apiUrl, deviceCode, intervalSec) {
     const data = await res.json();
     if (data.error === "authorization_pending")
       continue;
-    if (data.error === "expired_token")
+    if (data.error === "expired_token") {
+      await clearPendingAuth();
       throw new Error("Device code expired. Please try again.");
+    }
     if (data.error)
       throw new Error(`Authorization failed: ${data.error}`);
     if (data.access_token)
@@ -810,62 +858,61 @@ async function createIfAbsent(filePath, content, label) {
 // src/server.prod.ts
 init_esm_shims();
 var import_config = __toESM(require_dist(), 1);
-import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 
 // ../../packages/tools/dist/local.js
 init_esm_shims();
 
 // ../../packages/tools/dist/schemas.js
 init_esm_shims();
-import { z as z2 } from "zod";
+import { z } from "zod";
 var searchToolsSchema = {
-  query: z2.string().min(1).max(500),
-  context: z2.object({ filters: z2.record(z2.string(), z2.unknown()) }).optional(),
-  query_id: z2.string().uuid().optional(),
-  user_id: z2.string().optional()
+  query: z.string().min(1).max(500),
+  context: z.object({ filters: z.record(z.string(), z.unknown()) }).optional(),
+  query_id: z.string().uuid().optional(),
+  user_id: z.string().optional()
 };
 var searchToolsRespondSchema = {
-  query_id: z2.string().uuid(),
-  answers: z2.array(z2.object({ dimension: z2.string(), value: z2.string() }))
+  query_id: z.string().uuid(),
+  answers: z.array(z.object({ dimension: z.string(), value: z.string() }))
 };
 var reportOutcomeSchema = {
-  query_id: z2.string().uuid(),
-  chosen_tool: z2.string(),
-  reason: z2.string().optional(),
-  outcome: z2.enum(["success", "failure", "replaced", "pending"]),
-  feedback: z2.string().optional(),
-  replaced_by: z2.string().optional()
+  query_id: z.string().uuid(),
+  chosen_tool: z.string(),
+  reason: z.string().optional(),
+  outcome: z.enum(["success", "failure", "replaced", "pending"]),
+  feedback: z.string().optional(),
+  replaced_by: z.string().optional()
 };
 var getStackSchema = {
-  use_case: z2.string().min(1),
-  constraints: z2.object({
-    deployment_model: z2.enum(["self-hosted", "cloud", "embedded", "serverless"]).optional(),
-    language: z2.string().optional(),
-    license: z2.string().optional()
+  use_case: z.string().min(1),
+  constraints: z.object({
+    deployment_model: z.enum(["self-hosted", "cloud", "embedded", "serverless"]).optional(),
+    language: z.string().optional(),
+    license: z.string().optional()
   }).optional(),
-  limit: z2.number().int().positive().max(10).default(5)
+  limit: z.number().int().positive().max(10).default(5)
 };
 var checkIssueSchema = {
-  tool_name: z2.string(),
-  issue_title: z2.string(),
-  retry_count: z2.number().int().min(0).default(0),
-  docs_consulted: z2.boolean().default(false),
-  issue_url: z2.string().url().optional()
+  tool_name: z.string(),
+  issue_title: z.string(),
+  retry_count: z.number().int().min(0).default(0),
+  docs_consulted: z.boolean().default(false),
+  issue_url: z.string().url().optional()
 };
 var checkCompatibilitySchema = {
-  tool_a: z2.string(),
-  tool_b: z2.string()
+  tool_a: z.string(),
+  tool_b: z.string()
 };
 var suggestGraphUpdateSchema = {
-  suggestion_type: z2.enum(["new_tool", "new_edge", "update_health", "new_use_case"]),
-  data: z2.object({
-    tool_name: z2.string().optional(),
-    github_url: z2.string().url().optional(),
-    description: z2.string().optional(),
-    relationship: z2.object({
-      source_tool: z2.string(),
-      target_tool: z2.string(),
-      edge_type: z2.enum([
+  suggestion_type: z.enum(["new_tool", "new_edge", "update_health", "new_use_case"]),
+  data: z.object({
+    tool_name: z.string().optional(),
+    github_url: z.string().url().optional(),
+    description: z.string().optional(),
+    relationship: z.object({
+      source_tool: z.string(),
+      target_tool: z.string(),
+      edge_type: z.enum([
         "SOLVES",
         "REQUIRES",
         "INTEGRATES_WITH",
@@ -875,68 +922,68 @@ var suggestGraphUpdateSchema = {
         "BREAKS_FROM",
         "COMPATIBLE_WITH"
       ]),
-      evidence: z2.string().optional()
+      evidence: z.string().optional()
     }).optional(),
-    use_case: z2.object({
-      name: z2.string(),
-      description: z2.string(),
-      tools: z2.array(z2.string()).optional()
+    use_case: z.object({
+      name: z.string(),
+      description: z.string(),
+      tools: z.array(z.string()).optional()
     }).optional()
   }),
-  query_id: z2.string().uuid().optional(),
-  confidence: z2.number().min(0).max(1).default(0.5)
+  query_id: z.string().uuid().optional(),
+  confidence: z.number().min(0).max(1).default(0.5)
 };
 var compareToolsSchema = {
-  tool_a: z2.string().min(1),
-  tool_b: z2.string().min(1),
-  use_case: z2.string().optional(),
-  project_config: z2.string().max(1e5).optional()
+  tool_a: z.string().min(1),
+  tool_b: z.string().min(1),
+  use_case: z.string().optional(),
+  project_config: z.string().max(1e5).optional()
 };
 var toolpilotInitSchema = {
-  agent: z2.enum(["claude", "cursor", "windsurf", "copilot", "copilot-cli", "opencode", "generic"]),
-  project_root: z2.string().min(1),
-  server_path: z2.string().optional(),
-  detected_files: z2.array(z2.string()).optional()
+  agent: z.enum(["claude", "cursor", "windsurf", "copilot", "copilot-cli", "opencode", "generic"]),
+  project_root: z.string().min(1),
+  server_path: z.string().optional(),
+  detected_files: z.array(z.string()).optional()
 };
 var initProjectConfigSchema = {
-  project_name: z2.string().min(1).max(200),
-  language: z2.string().min(1).max(50),
-  framework: z2.string().optional(),
-  detected_tools: z2.array(z2.object({
-    name: z2.string(),
-    source: z2.enum(["toolpilot", "manual", "non_oss"]),
-    version: z2.string().optional()
+  project_name: z.string().min(1).max(200),
+  language: z.string().min(1).max(50),
+  framework: z.string().optional(),
+  detected_tools: z.array(z.object({
+    name: z.string(),
+    source: z.enum(["toolpilot", "manual", "non_oss"]),
+    version: z.string().optional()
   })).optional()
 };
 var readProjectConfigSchema = {
-  config_content: z2.string().min(1).max(1e5)
+  config_content: z.string().min(1).max(1e5)
 };
 var updateProjectConfigSchema = {
-  current_config: z2.string().min(1).max(1e5),
-  action: z2.enum(["add_tool", "remove_tool", "update_tool", "add_evaluation"]),
-  tool_name: z2.string().min(1),
-  data: z2.record(z2.string(), z2.unknown()).optional()
+  current_config: z.string().min(1).max(1e5),
+  action: z.enum(["add_tool", "remove_tool", "update_tool", "add_evaluation"]),
+  tool_name: z.string().min(1),
+  data: z.record(z.string(), z.unknown()).optional()
 };
 var classifyPromptSchema = {
-  prompt: z2.string().min(1).max(2e3),
-  project_tools: z2.array(z2.string()).optional()
+  prompt: z.string().min(1).max(2e3),
+  project_tools: z.array(z.string()).optional()
 };
 var verifySuggestionSchema = {
-  query: z2.string().min(1).max(500),
-  agent_suggestions: z2.array(z2.string().min(1)).min(1).max(10)
+  query: z.string().min(1).max(500),
+  agent_suggestions: z.array(z.string().min(1)).min(1).max(10)
 };
 var refineRequirementSchema = {
-  prompt: z2.string().min(1).max(2e3),
-  classification: z2.enum([
+  prompt: z.string().min(1).max(2e3),
+  classification: z.enum([
     "tool_discovery",
     "stack_building",
     "tool_comparison",
     "tool_configuration"
   ]),
-  project_context: z2.object({
-    existing_tools: z2.array(z2.string()).optional(),
-    language: z2.string().optional(),
-    framework: z2.string().optional()
+  project_context: z.object({
+    existing_tools: z.array(z.string()).optional(),
+    language: z.string().optional(),
+    framework: z.string().optional()
   }).optional()
 };
 
@@ -1876,6 +1923,7 @@ async function handleUpdateProjectConfig(args) {
 
 // src/server.prod.ts
 import pino8 from "pino";
+import { z as z2 } from "zod";
 
 // src/middleware/event-logger.ts
 init_esm_shims();
@@ -2041,27 +2089,17 @@ The server wrote the file at startup. You still need to fill in the project deta
 | A tool worked well or was replaced | \`report_outcome\` |
 | Tool added/removed from project | \`update_project_config\` |
 `.trim();
-async function buildProdServer() {
+async function addToolsToServer(server) {
   const creds = await loadCredentials();
   if (!creds || !isTokenValid(creds)) {
-    throw new Error("ToolCairn: authentication required. Restart your agent to sign in.");
+    throw new Error("ToolCairn: authentication required.");
   }
   const remote = new ToolCairnClient({
     baseUrl: import_config.config.TOOLPILOT_API_URL,
     apiKey: creds.client_id,
     accessToken: creds.access_token
   });
-  logger8.info(
-    {
-      apiUrl: import_config.config.TOOLPILOT_API_URL,
-      user: creds.user_email
-    },
-    "Production MCP mode: authenticated"
-  );
-  const server = new McpServer(
-    { name: "toolcairn", version: "0.1.0" },
-    { instructions: SETUP_INSTRUCTIONS }
-  );
+  logger8.info({ user: creds.user_email }, "Registering production tools");
   server.registerTool(
     "classify_prompt",
     {
@@ -2186,8 +2224,8 @@ async function buildProdServer() {
     "toolcairn_auth",
     {
       description: 'Manage your ToolCairn authentication. Use "login" to authenticate via browser (unlocks higher rate limits), "status" to check current auth state, or "logout" to revert to anonymous mode.',
-      inputSchema: z.object({
-        action: z.enum(["login", "status", "logout"]).describe(
+      inputSchema: z2.object({
+        action: z2.enum(["login", "status", "logout"]).describe(
           '"login" opens a browser to authenticate, "status" shows current auth state, "logout" clears authentication'
         )
       })
@@ -2248,6 +2286,13 @@ async function buildProdServer() {
       }
     }
   );
+}
+async function buildProdServer() {
+  const server = new McpServer(
+    { name: "toolcairn", version: "0.1.0" },
+    { instructions: SETUP_INSTRUCTIONS }
+  );
+  await addToolsToServer(server);
   return server;
 }
 
@@ -2280,32 +2325,29 @@ async function main() {
     let verificationUri = "https://toolcairn.neurynae.com/signup";
     let userCode = "";
     try {
-      const codeData = await requestDeviceCode(import_config3.config.TOOLPILOT_API_URL);
-      verificationUri = codeData.verification_uri;
-      userCode = codeData.user_code;
-      startDeviceAuth(import_config3.config.TOOLPILOT_API_URL).then(() => {
-        logger9.info("Sign-in complete. Restart your agent to access all ToolCairn tools.");
-      }).catch((err) => {
-        logger9.error({ err }, "Sign-in failed \u2014 restart your agent and try again");
-      });
+      const pending = await loadPendingAuth();
+      if (pending) {
+        verificationUri = pending.verification_uri;
+        userCode = pending.user_code;
+        logger9.info({ userCode }, "Resuming pending sign-in");
+      } else {
+        const codeData = await requestDeviceCode(import_config3.config.TOOLPILOT_API_URL);
+        verificationUri = codeData.verification_uri;
+        userCode = codeData.user_code;
+        logger9.info({ userCode }, "New sign-in started");
+      }
     } catch (err) {
       logger9.error({ err }, "Could not reach ToolCairn API \u2014 check your connection");
     }
-    server = new McpServer2(
-      { name: "toolcairn", version: "0.1.0" },
-      {
-        instructions: userCode ? `# ToolCairn \u2014 Sign In Required
+    const instructions = userCode ? `# ToolCairn \u2014 Sign In Required
 
 A browser window should have opened automatically.
 
 **Sign-in URL:** ${verificationUri}
 **Code to confirm:** \`${userCode}\`
 
-Open the URL, sign in, and confirm the code shown on the page. Then restart your agent \u2014 all 14 tools will be available.` : `# ToolCairn \u2014 Sign In Required
-
-Visit ${verificationUri} to create an account, then restart your agent.`
-      }
-    );
+Open the URL, sign in, and confirm the code shown. All 14 tools will appear automatically \u2014 no restart needed.` : "# ToolCairn \u2014 Sign In Required\n\nVisit https://toolcairn.neurynae.com to create an account, then reconnect.";
+    server = new McpServer2({ name: "toolcairn", version: "0.1.0" }, { instructions });
     server.registerTool(
       "toolcairn_auth",
       {
@@ -2320,16 +2362,27 @@ Visit ${verificationUri} to create an account, then restart your agent.`
               authenticated: false,
               sign_in_url: verificationUri,
               code: userCode || null,
-              message: userCode ? `Open ${verificationUri}, confirm code "${userCode}", then restart your agent.` : "Visit toolcairn.neurynae.com to create an account, then restart your agent."
+              message: userCode ? `Open ${verificationUri} and confirm code "${userCode}". Tools will appear automatically when confirmed.` : "Visit toolcairn.neurynae.com to sign up."
             })
           }
         ]
       })
     );
+    startDeviceAuth(import_config3.config.TOOLPILOT_API_URL).then(async () => {
+      logger9.info("Sign-in complete \u2014 adding all tools to running server");
+      try {
+        await addToolsToServer(server);
+        logger9.info("All ToolCairn tools now available");
+      } catch (err) {
+        logger9.error({ err }, "Failed to add tools after sign-in \u2014 please reconnect");
+      }
+    }).catch((err) => {
+      logger9.error({ err }, "Sign-in failed \u2014 please try again");
+    });
   }
   const transport = createTransport();
   await server.connect(transport);
-  logger9.info(authenticated ? "ToolCairn MCP ready" : "ToolCairn MCP ready (sign-in required)");
+  logger9.info(authenticated ? "ToolCairn MCP ready" : "ToolCairn MCP ready (awaiting sign-in)");
 }
 main().catch((error) => {
   pino9({ name: "@toolcairn/mcp-server" }).error({ err: error }, "Failed to start MCP server");