@nexvora/mcp-server 0.3.2 → 0.4.0

package/src/__tests__/nexvora_knowledge_subscribe.test.ts

@@ -1,173 +0,0 @@
-import { jest } from "@jest/globals";
-
-import { NexvoraApiError, NexvoraClient } from "../NexvoraClient.js";
-import { nexvora_knowledge_subscribe } from "../tools/nexvora_knowledge_subscribe.js";
-
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
-function makeClient(): any {
-  const client = new NexvoraClient({
-    baseUrl: "https://api.nxvora.online",
-    accessToken: "token",
-  });
-  (client as any).get = jest.fn();
-  (client as any).post = jest.fn();
-  (client as any).sendAudit = jest.fn().mockResolvedValue(undefined);
-  return client;
-}
-
-const KB_ID = "aaaaaaaa-0000-0000-0000-000000000001";
-
-const KB = {
-  id: KB_ID,
-  agentName: "DataBot",
-  title: "ML Engineering Handbook",
-  monthlyPriceCoins: 100,
-};
-
-const SUB_RESPONSE = {
-  id: "cccccccc-0000-0000-0000-000000000001",
-  knowledgeId: KB_ID,
-  status: "ACTIVE",
-  nextBillingAt: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toISOString(),
-};
-
-describe("nexvora_knowledge_subscribe tool", () => {
-  beforeEach(() => {
-    jest.clearAllMocks();
-  });
-
-  it("defaults confirm to false", () => {
-    const parsed = nexvora_knowledge_subscribe.inputSchema.parse({ knowledgeId: KB_ID });
-    expect(parsed.confirm).toBe(false);
-  });
-
-  describe("preview mode (confirm=false)", () => {
-    it("returns subscription preview without posting", async () => {
-      const client = makeClient();
-      client.get.mockResolvedValueOnce(KB);
-
-      const result = await nexvora_knowledge_subscribe.handler(
-        { knowledgeId: KB_ID, confirm: false },
-        client,
-      );
-
-      expect(result).toContain("## Subscription Preview");
-      expect(result).toContain("ML Engineering Handbook");
-      expect(result).toContain("DataBot");
-      expect(result).toContain("100");
-      expect(result).toContain("renews automatically");
-      expect(result).toContain("confirm: true");
-      expect(client.post).not.toHaveBeenCalled();
-    });
-
-    it("shows next bill date as today + 30 days", async () => {
-      const client = makeClient();
-      client.get.mockResolvedValueOnce(KB);
-
-      const result = await nexvora_knowledge_subscribe.handler(
-        { knowledgeId: KB_ID, confirm: false },
-        client,
-      );
-
-      const expectedDate = new Date(Date.now() + 30 * 24 * 60 * 60 * 1000)
-        .toISOString()
-        .slice(0, 10);
-      expect(result).toContain(expectedDate);
-    });
-
-    it("calls GET /knowledge/{id} to fetch KB details", async () => {
-      const client = makeClient();
-      client.get.mockResolvedValueOnce(KB);
-
-      await nexvora_knowledge_subscribe.handler({ knowledgeId: KB_ID, confirm: false }, client);
-
-      expect(client.get).toHaveBeenCalledWith(`/knowledge/${KB_ID}`);
-    });
-  });
-
-  describe("confirm mode (confirm=true)", () => {
-    it("submits subscription and returns confirmation", async () => {
-      const client = makeClient();
-      client.get.mockResolvedValueOnce(KB);
-      client.post.mockResolvedValueOnce(SUB_RESPONSE);
-
-      const result = await nexvora_knowledge_subscribe.handler(
-        { knowledgeId: KB_ID, confirm: true },
-        client,
-      );
-
-      expect(result).toContain("## Subscription Confirmed");
-      expect(result).toContain(SUB_RESPONSE.id);
-      expect(result).toContain("ACTIVE");
-      expect(result).toContain("100");
-      expect(result).toContain("nexvora_knowledge_unsubscribe");
-    });
-
-    it("posts to /knowledge/{id}/subscribe with empty body", async () => {
-      const client = makeClient();
-      client.get.mockResolvedValueOnce(KB);
-      client.post.mockResolvedValueOnce(SUB_RESPONSE);
-
-      await nexvora_knowledge_subscribe.handler({ knowledgeId: KB_ID, confirm: true }, client);
-
-      expect(client.post).toHaveBeenCalledWith(`/knowledge/${KB_ID}/subscribe`, {});
-    });
-  });
-
-  describe("error handling", () => {
-    it("returns 404 message when knowledge base not found", async () => {
-      const client = makeClient();
-      client.get.mockRejectedValueOnce(
-        new NexvoraApiError(404, "Not Found", `/knowledge/${KB_ID}`),
-      );
-
-      const result = await nexvora_knowledge_subscribe.handler(
-        { knowledgeId: KB_ID, confirm: false },
-        client,
-      );
-
-      expect(result).toContain("not found");
-      expect(result).toContain(KB_ID);
-    });
-
-    it("returns 409 message when already subscribed", async () => {
-      const client = makeClient();
-      client.get.mockResolvedValueOnce(KB);
-      client.post.mockRejectedValueOnce(
-        new NexvoraApiError(409, "Conflict", `/knowledge/${KB_ID}/subscribe`),
-      );
-
-      const result = await nexvora_knowledge_subscribe.handler(
-        { knowledgeId: KB_ID, confirm: true },
-        client,
-      );
-
-      expect(result).toContain("already subscribed");
-    });
-
-    it("returns auth error message on 401", async () => {
-      const client = makeClient();
-      client.get.mockRejectedValueOnce(
-        new NexvoraApiError(401, "Unauthorized", `/knowledge/${KB_ID}`),
-      );
-
-      const result = await nexvora_knowledge_subscribe.handler(
-        { knowledgeId: KB_ID, confirm: false },
-        client,
-      );
-
-      expect(result).toContain("nexvora login");
-    });
-
-    it("re-throws non-handled errors", async () => {
-      const client = makeClient();
-      client.get.mockRejectedValueOnce(
-        new NexvoraApiError(500, "Server Error", `/knowledge/${KB_ID}`),
-      );
-
-      await expect(
-        nexvora_knowledge_subscribe.handler({ knowledgeId: KB_ID, confirm: false }, client),
-      ).rejects.toBeInstanceOf(NexvoraApiError);
-    });
-  });
-});

package/src/__tests__/nexvora_observatory.test.ts

@@ -1,125 +0,0 @@
-import { jest } from "@jest/globals";
-
-import { NexvoraApiError, NexvoraClient } from "../NexvoraClient.js";
-import { nexvora_observatory } from "../tools/nexvora_observatory.js";
-
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
-function makeClient(): any {
-  const client = new NexvoraClient({
-    baseUrl: "https://api.nxvora.online",
-    accessToken: "token",
-  });
-  (client as any).get = jest.fn();
-  (client as any).sendAudit = jest.fn().mockResolvedValue(undefined);
-  return client;
-}
-
-const SNAPSHOT = {
-  onlineAgentsCount: 42,
-  tasksCompletedToday: 1337,
-  tasksInQueue: 7,
-  totalCoinsInCirculation: 999999,
-  avgTaskLatencyMs: 2450.5,
-  topDonors: [
-    {
-      agentId: "agent-uuid-1",
-      agentName: "AlphaBot",
-      tasksCompleted: 200,
-      reputationScore: 4.9,
-    },
-    {
-      agentId: "agent-uuid-2",
-      agentName: "BetaBot",
-      tasksCompleted: 150,
-      reputationScore: 4.7,
-    },
-  ],
-};
-
-describe("nexvora_observatory tool", () => {
-  // Advance 1.5x TTL (90s) per test so the module-level TtlCache expires between tests.
-  let epoch = 1_000_000_000_000;
-
-  beforeEach(() => {
-    jest.clearAllMocks();
-    jest.useFakeTimers({ now: epoch });
-    epoch += 90_000;
-  });
-
-  afterEach(() => {
-    jest.useRealTimers();
-  });
-
-  it("returns formatted markdown health snapshot", async () => {
-    const client = makeClient();
-    client.get.mockResolvedValueOnce(SNAPSHOT);
-
-    const result = await nexvora_observatory.handler({}, client);
-
-    expect(result).toContain("## NexVora Platform Health");
-    expect(result).toContain("42");
-    expect(result).toContain("1,337");
-    expect(result).toContain("7");
-    expect(result).toContain("999,999");
-    expect(result).toContain("2,451 ms");
-  });
-
-  it("shows top donor table with names and reputation", async () => {
-    const client = makeClient();
-    client.get.mockResolvedValueOnce(SNAPSHOT);
-
-    const result = await nexvora_observatory.handler({}, client);
-
-    expect(result).toContain("Top Donor Agents");
-    expect(result).toContain("AlphaBot");
-    expect(result).toContain("BetaBot");
-    expect(result).toContain("4.9");
-    expect(result).toContain("200");
-  });
-
-  it("shows no donor data message when topDonors is empty", async () => {
-    const client = makeClient();
-    client.get.mockResolvedValueOnce({ ...SNAPSHOT, topDonors: [] });
-
-    const result = await nexvora_observatory.handler({}, client);
-
-    expect(result).toContain("No donor agent data available yet");
-  });
-
-  it("shows N/A for latency when avgTaskLatencyMs is 0", async () => {
-    const client = makeClient();
-    client.get.mockResolvedValueOnce({ ...SNAPSHOT, avgTaskLatencyMs: 0 });
-
-    const result = await nexvora_observatory.handler({}, client);
-
-    expect(result).toContain("N/A");
-  });
-
-  it("calls GET /observatory", async () => {
-    const client = makeClient();
-    client.get.mockResolvedValueOnce(SNAPSHOT);
-
-    await nexvora_observatory.handler({}, client);
-
-    expect(client.get).toHaveBeenCalledWith("/observatory");
-  });
-
-  it("returns auth error message on 401", async () => {
-    const client = makeClient();
-    client.get.mockRejectedValueOnce(new NexvoraApiError(401, "Unauthorized", "/observatory"));
-
-    const result = await nexvora_observatory.handler({}, client);
-
-    expect(result).toContain("nexvora login");
-    expect(result).toContain("Not authenticated");
-  });
-
-  it("re-throws non-auth errors", async () => {
-    const client = makeClient();
-    client.get.mockRejectedValueOnce(new NexvoraApiError(500, "Server Error", "/observatory"));
-
-    await expect(nexvora_observatory.handler({}, client)).rejects.toBeInstanceOf(
-      NexvoraApiError,
-    );
-  });
-});

package/src/__tests__/nexvora_wallet_balance.test.ts

@@ -1,165 +0,0 @@
-import { jest } from "@jest/globals";
-
-import { NexvoraApiError, NexvoraClient } from "../NexvoraClient.js";
-import { nexvora_wallet_balance } from "../tools/nexvora_wallet_balance.js";
-
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
-function makeClient(): any {
-  const client = new NexvoraClient({
-    baseUrl: "https://api.nxvora.online",
-    accessToken: "token",
-  });
-  (client as any).get = jest.fn();
-  (client as any).sendAudit = jest.fn().mockResolvedValue(undefined);
-  return client;
-}
-
-// Backend region-filters the /wallet response — non-IN users get only usd*
-// fields, IN users get only inr*. Reflect that here so the test data matches
-// real wire shape.
-const WALLET_RESPONSE_USD = {
-  coinBalance: 1500,
-  usdEquivalent: "7.50",
-  coinUsdRate: "0.005",
-};
-
-const WALLET_RESPONSE_INR = {
-  coinBalance: 1500,
-  inrEquivalent: "750.00",
-  coinInrRate: "0.50",
-};
-
-const WALLET_RESPONSE = WALLET_RESPONSE_USD;
-
-const LEDGER_RESPONSE = {
-  content: [
-    {
-      id: "uuid-1",
-      amount: 500,
-      txType: "SIGNUP_BONUS",
-      note: "Welcome bonus",
-      createdAt: "2026-05-01T10:00:00Z",
-    },
-    {
-      id: "uuid-2",
-      amount: -10,
-      txType: "TASK_FEE",
-      note: "Task: Summarise PDF",
-      createdAt: "2026-05-02T12:00:00Z",
-    },
-  ],
-  totalElements: 2,
-};
-
-describe("nexvora_wallet_balance tool", () => {
-  // Advance 2x TTL (120s) per test so the module-level TtlCache expires between tests.
-  let epoch = 1_000_000_000_000;
-
-  beforeEach(() => {
-    jest.clearAllMocks();
-    jest.useFakeTimers({ now: epoch });
-    epoch += 120_000;
-  });
-
-  afterEach(() => {
-    jest.useRealTimers();
-  });
-
-  it("returns formatted markdown with balance and transactions (USD region)", async () => {
-    const client = makeClient();
-    client.get
-      .mockResolvedValueOnce(WALLET_RESPONSE_USD)
-      .mockResolvedValueOnce(LEDGER_RESPONSE);
-
-    const result = await nexvora_wallet_balance.handler({}, client);
-
-    expect(result).toContain("## NexVora Wallet");
-    expect(result).toContain("1,500 coins");
-    expect(result).toContain("$7.50");
-    expect(result).toContain("1 coin = $0.005");
-    // INR fields are absent in the response and must NOT leak into the output.
-    expect(result).not.toContain("INR");
-    expect(result).not.toContain("undefined");
-    expect(result).toContain("SIGNUP_BONUS");
-    expect(result).toContain("Welcome bonus");
-    expect(result).toContain("+500 coins");
-    expect(result).toContain("-10 coins");
-  });
-
-  it("renders INR-only when the backend returns the India currency block", async () => {
-    const client = makeClient();
-    client.get
-      .mockResolvedValueOnce(WALLET_RESPONSE_INR)
-      .mockResolvedValueOnce(LEDGER_RESPONSE);
-
-    const result = await nexvora_wallet_balance.handler({}, client);
-
-    expect(result).toContain("₹750.00");
-    expect(result).toContain("1 coin = ₹0.50");
-    expect(result).not.toContain("USD");
-    expect(result).not.toContain("undefined");
-  });
-
-  it("calls /wallet and /wallet/ledger?size=10 in parallel", async () => {
-    const client = makeClient();
-    client.get
-      .mockResolvedValueOnce(WALLET_RESPONSE)
-      .mockResolvedValueOnce(LEDGER_RESPONSE);
-
-    await nexvora_wallet_balance.handler({}, client);
-
-    expect(client.get).toHaveBeenCalledWith("/wallet");
-    expect(client.get).toHaveBeenCalledWith("/wallet/ledger?size=10");
-  });
-
-  it("shows total count when more transactions exist", async () => {
-    const client = makeClient();
-    const manyLedger = { content: LEDGER_RESPONSE.content, totalElements: 50 };
-    client.get
-      .mockResolvedValueOnce(WALLET_RESPONSE)
-      .mockResolvedValueOnce(manyLedger);
-
-    const result = await nexvora_wallet_balance.handler({}, client);
-
-    expect(result).toContain("48 more");
-  });
-
-  it("shows empty state when no transactions exist", async () => {
-    const client = makeClient();
-    client.get
-      .mockResolvedValueOnce(WALLET_RESPONSE)
-      .mockResolvedValueOnce({ content: [], totalElements: 0 });
-
-    const result = await nexvora_wallet_balance.handler({}, client);
-
-    expect(result).toContain("No transactions yet");
-  });
-
-  it("returns auth error message on 401", async () => {
-    const client = makeClient();
-    client.get.mockRejectedValueOnce(new NexvoraApiError(401, "Unauthorized", "/wallet"));
-
-    const result = await nexvora_wallet_balance.handler({}, client);
-
-    expect(result).toContain("nexvora login");
-    expect(result).toContain("Not authenticated");
-  });
-
-  it("returns auth error message on 403", async () => {
-    const client = makeClient();
-    client.get.mockRejectedValueOnce(new NexvoraApiError(403, "Forbidden", "/wallet"));
-
-    const result = await nexvora_wallet_balance.handler({}, client);
-
-    expect(result).toContain("nexvora login");
-  });
-
-  it("re-throws non-auth errors", async () => {
-    const client = makeClient();
-    client.get.mockRejectedValueOnce(new NexvoraApiError(500, "Server Error", "/wallet"));
-
-    await expect(nexvora_wallet_balance.handler({}, client)).rejects.toBeInstanceOf(
-      NexvoraApiError,
-    );
-  });
-});

package/src/auth/oauth.ts

@@ -1,247 +0,0 @@
-/**
- * OAuth 2.0 Device Authorization Grant (RFC 8628) for the NexVora MCP CLI.
- *
- * This is the same flow the Rust daemon uses (see
- * nexvora-daemon/crates/daemon-main/src/auth.rs). It is the locked auth model
- * for headless clients per the daemon-auth-model design.
- *
- * Flow:
- *   1. POST /oauth/device/authorize           → device_code + user_code +
- *                                               verification_uri_complete
- *   2. Print the user_code in the terminal and open
- *      verification_uri_complete in the user's browser
- *   3. Poll POST /oauth/device/token at the negotiated interval, honouring
- *      authorization_pending / slow_down, until the user approves, denies,
- *      or the code expires
- *   4. Fetch the authenticated user profile to obtain the userId
- *   5. Return a Config-compatible object for the caller to persist
- */
-
-import { exec } from "node:child_process";
-import { hostname } from "node:os";
-
-import type { Config } from "../config.js";
-
-const CLIENT_ID = "nexvora-mcp-server";
-const SCOPE = "mcp:tools offline_access";
-const DEVICE_CODE_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code";
-
-/** Hard ceiling regardless of the server-advertised expires_in. */
-const SAFETY_TIMEOUT_MS = 15 * 60 * 1000;
-
-/** Minimum interval between polls in seconds (defensive floor). */
-const MIN_POLL_INTERVAL_SECONDS = 1;
-
-/** RFC 8628 §3.5: on slow_down, increase the polling interval by 5 seconds. */
-const SLOW_DOWN_INCREMENT_MS = 5_000;
-
-// ── Public API ─────────────────────────────────────────────────────────────────
-
-export interface DeviceAuthorizationResponse {
-  device_code: string;
-  user_code: string;
-  verification_uri: string;
-  verification_uri_complete: string;
-  expires_in: number;
-  interval: number;
-}
-
-export interface DeviceTokenSuccess {
-  access_token: string;
-  refresh_token: string;
-  token_type: string;
-  expires_in: number;
-  scope?: string;
-}
-
-interface OAuthErrorBody {
-  error: string;
-  error_description?: string;
-}
-
-/**
- * Error thrown when the device-grant flow ends without issuing tokens
- * (denial, expiry, timeout, server error). The {@code code} property is the
- * RFC 8628 / 6749 error code or "timeout".
- */
-export class DeviceGrantError extends Error {
-  constructor(public readonly code: string, message: string) {
-    super(message);
-    this.name = "DeviceGrantError";
-  }
-}
-
-/**
- * Run the full interactive Device Grant login flow.
- *
- * @param serverUrl  Base URL of the NexVora API (e.g. https://api.nxvora.online)
- * @returns          A completed Config object ready to be written by ConfigManager
- */
-export async function loginInteractive(serverUrl: string): Promise<Config> {
-  const base = serverUrl.replace(/\/$/, "");
-
-  // 1. Start the device authorization
-  const grant = await startDeviceAuthorization(base);
-
-  // 2. Print code + open browser
-  printUserPrompt(grant);
-  openBrowser(grant.verification_uri_complete);
-
-  // 3. Poll until decision
-  const tokens = await pollForToken(base, grant);
-
-  // 4. Fetch user profile (best-effort)
-  const userId = await fetchUserId(base, tokens.access_token);
-
-  const nowSecs = Math.floor(Date.now() / 1000);
-  return {
-    accessToken: tokens.access_token,
-    refreshToken: tokens.refresh_token,
-    expiresAt: nowSecs + tokens.expires_in,
-    serverUrl: base,
-    userId,
-  };
-}
-
-// ── Internal helpers ───────────────────────────────────────────────────────────
-
-export async function startDeviceAuthorization(
-  base: string,
-): Promise<DeviceAuthorizationResponse> {
-  const url = `${base}/oauth/device/authorize`;
-  let response: Response;
-  try {
-    response = await fetch(url, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        client_id: CLIENT_ID,
-        scope: SCOPE,
-        device_name: hostname(),
-      }),
-    });
-  } catch (err) {
-    throw new Error(
-      `Could not reach ${url}: ${(err as Error).message}.\n` +
-      `Check NEXVORA_BASE_URL and your network connection.`,
-    );
-  }
-  if (!response.ok) {
-    const text = await response.text().catch(() => "");
-    throw new Error(
-      `Failed to start OAuth device authorization (${response.status}) at ${url}.\n` +
-      `Is ${base} a valid NexVora server?` +
-      (text ? `\nServer said: ${text}` : ""),
-    );
-  }
-  return response.json() as Promise<DeviceAuthorizationResponse>;
-}
-
-function printUserPrompt(grant: DeviceAuthorizationResponse): void {
-  console.error("");
-  console.error("To authenticate, visit:");
-  console.error(`  ${grant.verification_uri}`);
-  console.error("");
-  console.error("And enter this code:");
-  console.error(`  ${grant.user_code}`);
-  console.error("");
-  console.error("If your browser does not open automatically, paste this URL:");
-  console.error(`  ${grant.verification_uri_complete}`);
-  console.error("");
-  console.error(
-    `Waiting for approval (code expires in ${grant.expires_in} seconds)...`,
-  );
-}
-
-export async function pollForToken(
-  base: string,
-  grant: DeviceAuthorizationResponse,
-): Promise<DeviceTokenSuccess> {
-  const url = `${base}/oauth/device/token`;
-  const deadline = Date.now() + Math.min(grant.expires_in * 1000, SAFETY_TIMEOUT_MS);
-  let intervalMs = Math.max(MIN_POLL_INTERVAL_SECONDS, grant.interval) * 1000;
-
-  while (Date.now() < deadline) {
-    await sleep(intervalMs);
-
-    const response = await fetch(url, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        grant_type: DEVICE_CODE_GRANT_TYPE,
-        device_code: grant.device_code,
-        client_id: CLIENT_ID,
-      }),
-    });
-
-    if (response.ok) {
-      return response.json() as Promise<DeviceTokenSuccess>;
-    }
-
-    const body = (await response.json().catch(() => null)) as OAuthErrorBody | null;
-    const code = body?.error ?? "unknown_error";
-
-    switch (code) {
-      case "authorization_pending":
-        // Keep polling at the current interval.
-        continue;
-      case "slow_down":
-        // RFC 8628 §3.5: server says we're polling too fast.
-        intervalMs += SLOW_DOWN_INCREMENT_MS;
-        continue;
-      case "access_denied":
-        throw new DeviceGrantError(code, "Login cancelled — you denied the request.");
-      case "expired_token":
-        throw new DeviceGrantError(
-          code,
-          "Login expired before it was approved. Run `nexvora login` again.",
-        );
-      case "invalid_grant":
-        throw new DeviceGrantError(
-          code,
-          body?.error_description ??
-            "The device grant is no longer valid. Run `nexvora login` again.",
-        );
-      default:
-        throw new DeviceGrantError(
-          code,
-          body?.error_description ?? `OAuth error: ${code}`,
-        );
-    }
-  }
-
-  throw new DeviceGrantError(
-    "timeout",
-    "Login timed out before the device code expired. Run `nexvora login` again.",
-  );
-}
-
-async function fetchUserId(baseUrl: string, accessToken: string): Promise<string> {
-  const response = await fetch(`${baseUrl}/api/users/me`, {
-    headers: { Authorization: `Bearer ${accessToken}` },
-  });
-  if (!response.ok) {
-    return "";
-  }
-  const user = (await response.json()) as { id?: string; userId?: string };
-  return user.id ?? user.userId ?? "";
-}
-
-function openBrowser(url: string): void {
-  const cmd =
-    process.platform === "win32"
-      ? `start "" "${url}"`
-      : process.platform === "darwin"
-        ? `open "${url}"`
-        : `xdg-open "${url}"`;
-
-  exec(cmd, (err) => {
-    if (err) {
-      console.error(`(Could not open browser automatically: ${err.message})`);
-    }
-  });
-}
-
-function sleep(ms: number): Promise<void> {
-  return new Promise((resolve) => setTimeout(resolve, ms));
-}