npm - @opencoven/coven-code - Versions diffs - 0.0.1 - Mend

@opencoven/coven-code 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (86) hide show

package/README.md +145 -0
package/bin/coven-code-sdk.mjs +12 -0
package/bin/coven-code.mjs +19 -0
package/docs/CLI.md +192 -0
package/docs/CONFIGURATION.md +107 -0
package/docs/DEVELOPMENT.md +104 -0
package/docs/DOGFOOD-PROTOCOL.md +263 -0
package/docs/MCP-SKILLS-PLUGINS.md +127 -0
package/docs/README.md +38 -0
package/docs/RELEASE.md +33 -0
package/docs/SDK.md +107 -0
package/docs/superpowers/plans/2026-05-25-coven-code-panel-tui.md +904 -0
package/docs/superpowers/plans/2026-05-25-coven-code-rebrand.md +670 -0
package/docs/superpowers/specs/2026-05-25-coven-code-panel-tui-design.md +235 -0
package/docs/superpowers/specs/2026-05-26-slash-first-tui-review.md +63 -0
package/package.json +36 -0
package/src/agent/lane.mjs +136 -0
package/src/agent/local.mjs +95 -0
package/src/cli/dispatch.mjs +66 -0
package/src/cli/execute.mjs +588 -0
package/src/cli/help.mjs +58 -0
package/src/cli/interactive-core.mjs +302 -0
package/src/cli/notifications.mjs +13 -0
package/src/cli/parse.mjs +83 -0
package/src/cli/reasoning.mjs +45 -0
package/src/cli/refs.mjs +162 -0
package/src/cli/repl.mjs +61 -0
package/src/cli/slash-commands.mjs +357 -0
package/src/cli/stream-json.mjs +116 -0
package/src/cli/tui.mjs +757 -0
package/src/commands/agents.mjs +53 -0
package/src/commands/config.mjs +27 -0
package/src/commands/ide.mjs +17 -0
package/src/commands/login.mjs +84 -0
package/src/commands/mcp.mjs +176 -0
package/src/commands/permissions.mjs +328 -0
package/src/commands/plugins.mjs +86 -0
package/src/commands/review.mjs +74 -0
package/src/commands/skill.mjs +23 -0
package/src/commands/threads.mjs +165 -0
package/src/commands/tools.mjs +77 -0
package/src/commands/update.mjs +31 -0
package/src/commands/usage.mjs +34 -0
package/src/constants.mjs +46 -0
package/src/main.mjs +87 -0
package/src/mcp/discover.mjs +154 -0
package/src/mcp/permissions.mjs +52 -0
package/src/mcp/probe.mjs +424 -0
package/src/mcp/registry.mjs +96 -0
package/src/plugins/discover.mjs +880 -0
package/src/sdk-install.mjs +187 -0
package/src/sdk.mjs +314 -0
package/src/settings/load.mjs +134 -0
package/src/settings/paths.mjs +101 -0
package/src/skills/builtin/building-skills/SKILL.md +20 -0
package/src/skills/discover.mjs +95 -0
package/src/threads/store.mjs +176 -0
package/src/tools/builtin/bash.mjs +110 -0
package/src/tools/builtin/create-file.mjs +66 -0
package/src/tools/builtin/edit-file.mjs +76 -0
package/src/tools/builtin/finder.mjs +73 -0
package/src/tools/builtin/glob.mjs +74 -0
package/src/tools/builtin/grep.mjs +82 -0
package/src/tools/builtin/index.mjs +83 -0
package/src/tools/builtin/librarian.mjs +97 -0
package/src/tools/builtin/look-at.mjs +92 -0
package/src/tools/builtin/mcp.mjs +51 -0
package/src/tools/builtin/mermaid.mjs +59 -0
package/src/tools/builtin/oracle.mjs +56 -0
package/src/tools/builtin/painter.mjs +81 -0
package/src/tools/builtin/plugin-tool.mjs +53 -0
package/src/tools/builtin/read-mcp-resource.mjs +63 -0
package/src/tools/builtin/read-web-page.mjs +72 -0
package/src/tools/builtin/read.mjs +59 -0
package/src/tools/builtin/runtime.mjs +215 -0
package/src/tools/builtin/task.mjs +63 -0
package/src/tools/builtin/toolbox-tool.mjs +57 -0
package/src/tools/builtin/undo-edit.mjs +97 -0
package/src/tools/builtin/web-search.mjs +128 -0
package/src/tools/toolbox.mjs +273 -0
package/src/util/fs.mjs +13 -0
package/src/util/glob.mjs +46 -0
package/src/util/html.mjs +21 -0
package/src/util/media.mjs +13 -0
package/src/util/shell.mjs +24 -0
package/src/util/table.mjs +11 -0

package/src/mcp/discover.mjs ADDED Viewed

@@ -0,0 +1,154 @@
+import { existsSync } from 'node:fs';
+import path from 'node:path';
+import { readManagedSettings, readSettings, readSettingsFile } from '../settings/load.mjs';
+import { findWorkspaceSettingsFile } from '../settings/paths.mjs';
+import {
+  isMcpServerAllowed,
+  mcpPermissionRules,
+  mcpPermissionStatus,
+  readWorkspaceMcpApprovals,
+} from './permissions.mjs';
+import { mcpRegistryGate, mcpRegistryStatus } from './registry.mjs';
+import { listSkills } from '../skills/discover.mjs';
+const MCP_SERVERS_SETTING = 'covenCode.mcpServers';
+export function listConfiguredMcpServers(parsed = {}) {
+  const { userSettings, workspaceSettings, managedSettings, approvals, permissionRules, registryGate } = mcpSettings(parsed);
+  const byName = new Map();
+  for (const [name, config] of Object.entries(userSettings[MCP_SERVERS_SETTING] ?? {})) {
+    const expandedConfig = expandMcpServerConfigEnv(config);
+    byName.set(name, {
+      name,
+      config: expandedConfig,
+      source: 'user',
+      status: mcpServerStatus('approved', expandedConfig, permissionRules, registryGate),
+    });
+  }
+  for (const [name, config] of Object.entries(workspaceSettings[MCP_SERVERS_SETTING] ?? {})) {
+    const expandedConfig = expandMcpServerConfigEnv(config);
+    byName.set(name, {
+      name,
+      config: expandedConfig,
+      source: 'workspace',
+      status: mcpServerStatus(approvals[name] ? 'approved' : 'awaiting approval', expandedConfig, permissionRules, registryGate),
+    });
+  }
+  for (const [name, config] of Object.entries(managedSettings[MCP_SERVERS_SETTING] ?? {})) {
+    const expandedConfig = expandMcpServerConfigEnv(config);
+    byName.set(name, {
+      name,
+      config: expandedConfig,
+      source: 'managed',
+      status: mcpServerStatus('approved', expandedConfig, permissionRules, registryGate),
+    });
+  }
+  return [...byName.values()].sort((a, b) => a.name.localeCompare(b.name));
+}
+export function listActiveMcpServerEntries(parsed = {}, prompt = '') {
+  const { permissionRules, registryGate } = mcpSettings(parsed);
+  const inline = parseInlineMcpServers(parsed.mcpConfig)
+    .filter((server) => !isMcpServerDisabled(server.config))
+    .filter((server) => !mcpRegistryStatus(server.config, registryGate))
+    .filter((server) => isMcpServerAllowed(server.config, permissionRules))
+    .map((server) => ({
+      name: server.name,
+      status: 'connected',
+      source: 'cli',
+      config: server.config,
+    }));
+  const inlineNames = new Set(inline.map((server) => server.name));
+  const configured = listConfiguredMcpServers(parsed)
+    .filter((server) => server.status === 'approved')
+    .filter((server) => !inlineNames.has(server.name))
+    .map((server) => ({ ...server, status: 'connected' }));
+  const occupiedNames = new Set([...inline, ...configured].map((server) => server.name));
+  const skillServers = listSkillMcpServers(prompt, parsed)
+    .filter((server) => !isMcpServerDisabled(server.config))
+    .filter((server) => !mcpRegistryStatus(server.config, registryGate))
+    .filter((server) => isMcpServerAllowed(server.config, permissionRules))
+    .filter((server) => !occupiedNames.has(server.name))
+    .map((server) => ({ ...server, status: 'connected' }));
+  return [...inline, ...configured, ...skillServers];
+}
+function mcpSettings(parsed = {}) {
+  const userSettings = readSettings(parsed);
+  const workspacePath = findWorkspaceSettingsFile(process.cwd());
+  const workspaceSettings = workspacePath ? readSettingsFile(workspacePath) : {};
+  const managedSettings = readManagedSettings();
+  return {
+    userSettings,
+    workspaceSettings,
+    managedSettings,
+    approvals: readWorkspaceMcpApprovals(process.cwd()),
+    permissionRules: mcpPermissionRules(userSettings, workspaceSettings, managedSettings),
+    registryGate: mcpRegistryGate(userSettings, workspaceSettings, managedSettings),
+  };
+}
+function mcpServerStatus(defaultStatus, config, permissionRules, registryGate) {
+  if (isMcpServerDisabled(config)) return 'disabled';
+  const registryStatus = mcpRegistryStatus(config, registryGate);
+  if (registryStatus) return registryStatus;
+  return mcpPermissionStatus(defaultStatus, config, permissionRules);
+}
+function isMcpServerDisabled(config = {}) {
+  return config.disabled === true;
+}
+export function listActiveMcpServers(parsed = {}) {
+  return listActiveMcpServerEntries(parsed).map(({ name, source }) => ({
+    name,
+    status: 'connected',
+    source,
+  }));
+}
+export function parseInlineMcpServers(raw) {
+  if (!raw) return [];
+  try {
+    const parsed = JSON.parse(raw);
+    const servers = parsed.mcpServers ?? parsed[MCP_SERVERS_SETTING] ?? parsed;
+    return Object.keys(servers).map((name) => ({ name, config: expandMcpServerConfigEnv(servers[name]) }));
+  } catch {
+    return [{ name: 'inline', config: { command: expandEnvVars(raw) } }];
+  }
+}
+export function expandMcpServerConfigEnv(value) {
+  if (typeof value === 'string') return expandEnvVars(value);
+  if (Array.isArray(value)) return value.map((entry) => expandMcpServerConfigEnv(entry));
+  if (value && typeof value === 'object') {
+    return Object.fromEntries(Object.entries(value).map(([key, entry]) => [key, expandMcpServerConfigEnv(entry)]));
+  }
+  return value;
+}
+export function expandEnvVars(value) {
+  return String(value).replace(/\$\{([A-Za-z_][A-Za-z0-9_]*)\}/g, (_, name) => process.env[name] ?? '');
+}
+export function formatMcpServerCommand(config) {
+  if (config.url) return config.url;
+  return [config.command, ...(config.args ?? [])].filter(Boolean).join(' ');
+}
+export function listSkillMcpServers(prompt = '', parsed = {}) {
+  const lower = prompt.toLowerCase();
+  const servers = [];
+  for (const skill of listSkills({ parsed })) {
+    if (!lower.includes(skill.name.toLowerCase())) continue;
+    const mcpPath = path.join(skill.dir, 'mcp.json');
+    if (!existsSync(mcpPath)) continue;
+    const mcp = readSettingsFile(mcpPath);
+    for (const [name, config] of Object.entries(mcp)) {
+      servers.push({ name, config: expandMcpServerConfigEnv(config), source: `skill:${skill.name}` });
+    }
+  }
+  return servers;
+}

package/src/mcp/permissions.mjs ADDED Viewed

@@ -0,0 +1,52 @@
+import path from 'node:path';
+import { findWorkspaceSettingsFile, workspaceSettingsFile } from '../settings/paths.mjs';
+import { readManagedSettings, readSettings, readSettingsFile, writeSettingsFile } from '../settings/load.mjs';
+import { globMatch } from '../util/glob.mjs';
+const MCP_PERMISSIONS_SETTING = 'covenCode.mcpPermissions';
+export function mcpPermissionRulesForCwd(parsed = {}) {
+  const userSettings = readSettings(parsed);
+  const workspacePath = findWorkspaceSettingsFile(process.cwd());
+  const workspaceSettings = workspacePath ? readSettingsFile(workspacePath) : {};
+  return mcpPermissionRules(userSettings, workspaceSettings, readManagedSettings());
+}
+export function mcpPermissionRules(userSettings = {}, workspaceSettings = {}, managedSettings = {}) {
+  if (Array.isArray(managedSettings[MCP_PERMISSIONS_SETTING])) return managedSettings[MCP_PERMISSIONS_SETTING];
+  if (Array.isArray(workspaceSettings[MCP_PERMISSIONS_SETTING])) return workspaceSettings[MCP_PERMISSIONS_SETTING];
+  if (Array.isArray(userSettings[MCP_PERMISSIONS_SETTING])) return userSettings[MCP_PERMISSIONS_SETTING];
+  return [];
+}
+export function mcpPermissionStatus(defaultStatus, config, rules) {
+  return isMcpServerAllowed(config, rules) ? defaultStatus : 'rejected';
+}
+export function isMcpServerAllowed(config = {}, rules = []) {
+  for (const rule of rules) {
+    if (!rule || typeof rule !== 'object' || !rule.matches || typeof rule.matches !== 'object') continue;
+    if (!mcpPermissionRuleMatches(config, rule.matches)) continue;
+    return rule.action !== 'reject';
+  }
+  return true;
+}
+function mcpPermissionRuleMatches(config = {}, matches = {}) {
+  const entries = Object.entries(matches);
+  if (entries.length === 0) return false;
+  return entries.every(([field, pattern]) => {
+    if (field === 'command') return globMatch(pattern, config.command ?? '');
+    if (field === 'args') return globMatch(pattern, (config.args ?? []).join(' '));
+    if (field === 'url') return globMatch(pattern, config.url ?? '');
+    return false;
+  });
+}
+export function readWorkspaceMcpApprovals(cwd) {
+  return readSettingsFile(path.join(path.dirname(workspaceSettingsFile(cwd)), 'mcp-approvals.json'));
+}
+export async function writeWorkspaceMcpApprovals(cwd, approvals) {
+  await writeSettingsFile(path.join(path.dirname(workspaceSettingsFile(cwd)), 'mcp-approvals.json'), approvals);
+}

package/src/mcp/probe.mjs ADDED Viewed

@@ -0,0 +1,424 @@
+import { spawnSync } from 'node:child_process';
+import { readFileSync, writeFileSync } from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+import { globMatch } from '../util/glob.mjs';
+const remoteMcpSessions = new Map();
+export async function discoverMcpToolRows(servers) {
+  const rows = [];
+  for (const server of servers) {
+    const toolDefs = filterIncludedMcpTools(
+      server.config,
+      server.source?.startsWith('skill:')
+        ? skillMcpTools(server.config)
+        : await queryMcpTools(server.config, server.name),
+    );
+    for (const tool of toolDefs) {
+      rows.push([
+        `mcp__${server.name}__${tool.name}`,
+        'local-mcp',
+        tool.description || `Tool from ${server.name}`,
+      ]);
+    }
+  }
+  return rows;
+}
+export async function mcpServerHealth(config = {}, serverName = '') {
+  if (config.url) {
+    const tools = await queryRemoteMcpTools(config, serverName);
+    return formatToolHealth(tools);
+  }
+  const result = queryLocalMcpToolsResult(config);
+  if (result.error) return `error ${result.error.code ?? result.error.message}`;
+  if ((result.status ?? 0) !== 0) return `error exit ${result.status}`;
+  return formatToolHealth(parseMcpToolsOutput(result.stdout));
+}
+function formatToolHealth(tools = []) {
+  return `ok ${tools.length} ${tools.length === 1 ? 'tool' : 'tools'}`;
+}
+function filterIncludedMcpTools(config = {}, tools = []) {
+  return tools.filter((tool) => isMcpToolIncluded(config, tool.name));
+}
+export function isMcpToolIncluded(config = {}, toolName = '') {
+  if (!Array.isArray(config.includeTools) || config.includeTools.length === 0) return true;
+  return config.includeTools.some((pattern) => globMatch(pattern, toolName));
+}
+async function queryMcpTools(config = {}, serverName = '') {
+  if (config.url) return queryRemoteMcpTools(config, serverName);
+  return queryLocalMcpTools(config);
+}
+function queryLocalMcpTools(config = {}) {
+  return parseMcpToolsOutput(queryLocalMcpToolsResult(config).stdout);
+}
+function queryLocalMcpToolsResult(config = {}) {
+  if (!config.command) return [];
+  return spawnSync(config.command, config.args ?? [], {
+    input: localMcpRequestInput('tools/list', {}),
+    env: { ...process.env, ...(config.env ?? {}) },
+    encoding: 'utf8',
+    timeout: 1500,
+  });
+}
+export async function callMcpTool(config = {}, name, args = {}, serverName = '') {
+  if (config.url) return callRemoteMcpTool(config, name, args, serverName);
+  return callLocalMcpTool(config, name, args);
+}
+export async function readMcpResource(config = {}, uri, serverName = '') {
+  if (config.url) return readRemoteMcpResource(config, uri, serverName);
+  return readLocalMcpResource(config, uri);
+}
+function callLocalMcpTool(config = {}, name, args = {}) {
+  if (!config.command) return '';
+  const result = spawnSync(config.command, config.args ?? [], {
+    input: localMcpRequestInput('tools/call', { name, arguments: args }),
+    env: { ...process.env, ...(config.env ?? {}) },
+    encoding: 'utf8',
+    timeout: 1500,
+  });
+  return parseMcpCallOutput(result.stdout);
+}
+function readLocalMcpResource(config = {}, uri) {
+  if (!config.command) return '';
+  const result = spawnSync(config.command, config.args ?? [], {
+    input: localMcpRequestInput('resources/read', { uri }),
+    env: { ...process.env, ...(config.env ?? {}) },
+    encoding: 'utf8',
+    timeout: 1500,
+  });
+  return parseMcpResourceOutput(result.stdout);
+}
+function localMcpRequestInput(method, params = {}) {
+  return [
+    {
+      jsonrpc: '2.0',
+      id: 1,
+      method: 'initialize',
+      params: {
+        protocolVersion: '2025-06-18',
+        capabilities: {},
+        clientInfo: { name: 'coven-code', version: '0.0.0' },
+      },
+    },
+    { jsonrpc: '2.0', method: 'notifications/initialized' },
+    { jsonrpc: '2.0', id: 2, method, params },
+  ].map((message) => JSON.stringify(message)).join('\n') + '\n';
+}
+async function queryRemoteMcpTools(config = {}, serverName = '') {
+  const message = await postRemoteMcp(config, 'tools/list', {}, serverName);
+  if (Array.isArray(message.result?.tools)) return message.result.tools;
+  if (Array.isArray(message.tools)) return message.tools;
+  return [];
+}
+async function callRemoteMcpTool(config = {}, name, args = {}, serverName = '') {
+  const message = await postRemoteMcp(config, 'tools/call', { name, arguments: args }, serverName);
+  return parseMcpCallOutput(`${JSON.stringify(message)}\n`);
+}
+async function readRemoteMcpResource(config = {}, uri, serverName = '') {
+  const message = await postRemoteMcp(config, 'resources/read', { uri }, serverName);
+  return parseMcpResourceOutput(`${JSON.stringify(message)}\n`);
+}
+async function postRemoteMcp(config = {}, method, params, serverName = '') {
+  const controller = new AbortController();
+  const timeout = setTimeout(() => controller.abort(), 1500);
+  const body = JSON.stringify({ jsonrpc: '2.0', id: 1, method, params });
+  try {
+    if (config.transport === 'sse') {
+      return await postLegacySseMcp(config, body, controller.signal, serverName);
+    }
+    const response = await fetch(config.url, {
+      method: 'POST',
+      headers: remoteMcpHeaders(config, 'application/json, text/event-stream', serverName),
+      body,
+      signal: controller.signal,
+    });
+    rememberRemoteMcpSession(config, serverName, response);
+    if (response.status === 400 && !remoteMcpSessions.has(remoteMcpSessionKey(config, serverName)) && await initializeRemoteMcpSession(config, serverName, controller.signal)) {
+      const retry = await fetch(config.url, {
+        method: 'POST',
+        headers: remoteMcpHeaders(config, 'application/json, text/event-stream', serverName),
+        body,
+        signal: controller.signal,
+      });
+      rememberRemoteMcpSession(config, serverName, retry);
+      return parseRemoteMcpResponse(await retry.text());
+    }
+    if (response.status === 401 && await refreshMcpOauthToken(serverName, config)) {
+      const retry = await fetch(config.url, {
+        method: 'POST',
+        headers: remoteMcpHeaders(config, 'application/json, text/event-stream', serverName),
+        body,
+        signal: controller.signal,
+      });
+      rememberRemoteMcpSession(config, serverName, retry);
+      return parseRemoteMcpResponse(await retry.text());
+    }
+    if (response.status >= 400 && response.status < 500) {
+      return await postLegacySseMcp(config, body, controller.signal, serverName);
+    }
+    const text = await response.text();
+    return parseRemoteMcpResponse(text);
+  } catch {
+    return {};
+  } finally {
+    clearTimeout(timeout);
+  }
+}
+async function postLegacySseMcp(config = {}, body, signal, serverName = '') {
+  const endpoint = await discoverLegacySseEndpoint(config, signal, serverName);
+  if (!endpoint) return {};
+  const response = await fetch(endpoint, {
+    method: 'POST',
+    headers: remoteMcpHeaders(config, 'application/json, text/event-stream', serverName),
+    body,
+    signal,
+  });
+  rememberRemoteMcpSession(config, serverName, response);
+  if (response.status === 401 && await refreshMcpOauthToken(serverName, config)) {
+    const retry = await fetch(endpoint, {
+      method: 'POST',
+      headers: remoteMcpHeaders(config, 'application/json, text/event-stream', serverName),
+      body,
+      signal,
+    });
+    rememberRemoteMcpSession(config, serverName, retry);
+    return parseRemoteMcpResponse(await retry.text());
+  }
+  return parseRemoteMcpResponse(await response.text());
+}
+async function discoverLegacySseEndpoint(config = {}, signal, serverName = '') {
+  const response = await fetch(config.url, {
+    method: 'GET',
+    headers: remoteMcpHeaders(config, 'text/event-stream', serverName),
+    signal,
+  });
+  if (!response.ok) return '';
+  return resolveRemoteMcpUrl(config.url, parseLegacySseEndpoint(await response.text()));
+}
+function remoteMcpHeaders(config = {}, accept, serverName = '') {
+  return {
+    'content-type': 'application/json',
+    accept,
+    ...oauthMcpHeaders(serverName),
+    ...remoteMcpSessionHeader(config, serverName),
+    ...(config.headers ?? {}),
+  };
+}
+async function initializeRemoteMcpSession(config = {}, serverName = '', signal) {
+  const response = await fetch(config.url, {
+    method: 'POST',
+    headers: remoteMcpHeaders(config, 'application/json, text/event-stream', serverName),
+    body: JSON.stringify({
+      jsonrpc: '2.0',
+      id: 0,
+      method: 'initialize',
+      params: {
+        protocolVersion: '2025-06-18',
+        capabilities: {},
+        clientInfo: { name: 'coven-code', version: '0.0.0' },
+      },
+    }),
+    signal,
+  });
+  rememberRemoteMcpSession(config, serverName, response);
+  if (!response.ok || !remoteMcpSessions.has(remoteMcpSessionKey(config, serverName))) return false;
+  await fetch(config.url, {
+    method: 'POST',
+    headers: remoteMcpHeaders(config, 'application/json, text/event-stream', serverName),
+    body: JSON.stringify({ jsonrpc: '2.0', method: 'notifications/initialized' }),
+    signal,
+  });
+  return true;
+}
+function rememberRemoteMcpSession(config = {}, serverName = '', response) {
+  const sessionId = response.headers.get('mcp-session-id');
+  if (sessionId) remoteMcpSessions.set(remoteMcpSessionKey(config, serverName), sessionId);
+}
+function remoteMcpSessionHeader(config = {}, serverName = '') {
+  const sessionId = remoteMcpSessions.get(remoteMcpSessionKey(config, serverName));
+  return sessionId ? { 'Mcp-Session-Id': sessionId } : {};
+}
+function remoteMcpSessionKey(config = {}, serverName = '') {
+  return `${serverName}\n${config.url ?? ''}`;
+}
+function oauthMcpHeaders(serverName = '') {
+  const credential = readMcpOauthCredential(serverName);
+  return credential.accessToken || credential.access_token ? { Authorization: `Bearer ${credential.accessToken ?? credential.access_token}` } : {};
+}
+function readMcpOauthCredential(serverName = '') {
+  if (!serverName) return {};
+  try {
+    return JSON.parse(readFileSync(mcpOauthCredentialPath(serverName), 'utf8'));
+  } catch {
+    return {};
+  }
+}
+async function refreshMcpOauthToken(serverName = '', config = {}) {
+  if (hasExplicitAuthorizationHeader(config)) return false;
+  const credential = readMcpOauthCredential(serverName);
+  const refreshToken = credential.refreshToken ?? credential.refresh_token;
+  const tokenUrl = credential.tokenUrl ?? credential.token_url;
+  if (!refreshToken || !tokenUrl) return false;
+  const response = await fetch(tokenUrl, {
+    method: 'POST',
+    headers: { 'content-type': 'application/x-www-form-urlencoded' },
+    body: new URLSearchParams({
+      grant_type: 'refresh_token',
+      refresh_token: refreshToken,
+      ...(credential.clientId || credential.client_id ? { client_id: credential.clientId ?? credential.client_id } : {}),
+      ...(credential.clientSecret || credential.client_secret ? { client_secret: credential.clientSecret ?? credential.client_secret } : {}),
+    }),
+  });
+  if (!response.ok) return false;
+  const token = await response.json();
+  const nextCredential = {
+    ...credential,
+    accessToken: token.access_token ?? token.accessToken ?? credential.accessToken,
+    refreshToken: token.refresh_token ?? token.refreshToken ?? credential.refreshToken,
+    ...(token.expires_in || token.expiresIn ? { expiresAt: Date.now() + Number(token.expires_in ?? token.expiresIn) * 1000 } : {}),
+  };
+  writeFileSync(mcpOauthCredentialPath(serverName), `${JSON.stringify(nextCredential, null, 2)}\n`);
+  return Boolean(nextCredential.accessToken);
+}
+function hasExplicitAuthorizationHeader(config = {}) {
+  return Object.keys(config.headers ?? {}).some((key) => key.toLowerCase() === 'authorization');
+}
+function mcpOauthCredentialPath(serverName) {
+  return path.join(os.homedir(), '.coven-code', 'oauth', `${serverName}.json`);
+}
+function parseLegacySseEndpoint(text = '') {
+  let event = 'message';
+  const data = [];
+  for (const line of text.split(/\r?\n/)) {
+    if (!line) {
+      if (event === 'endpoint' && data.length) return data.join('\n').trim();
+      event = 'message';
+      data.length = 0;
+      continue;
+    }
+    if (line.startsWith(':')) continue;
+    const separator = line.indexOf(':');
+    const field = separator === -1 ? line : line.slice(0, separator);
+    const value = separator === -1 ? '' : line.slice(separator + 1).replace(/^ /, '');
+    if (field === 'event') event = value;
+    if (field === 'data') data.push(value);
+  }
+  if (event === 'endpoint' && data.length) return data.join('\n').trim();
+  return '';
+}
+function resolveRemoteMcpUrl(base, endpoint) {
+  if (!endpoint) return '';
+  try {
+    return new URL(endpoint, base).href;
+  } catch {
+    return '';
+  }
+}
+function parseRemoteMcpResponse(text = '') {
+  for (const chunk of text.split(/\r?\n/).filter(Boolean)) {
+    const line = chunk.startsWith('data:') ? chunk.slice('data:'.length).trim() : chunk.trim();
+    if (!line || line === '[DONE]') continue;
+    try {
+      return JSON.parse(line);
+    } catch {
+      // Remote MCP servers can include diagnostic or event wrapper lines.
+    }
+  }
+  try {
+    return JSON.parse(text);
+  } catch {
+    return {};
+  }
+}
+function parseMcpCallOutput(stdout = '') {
+  for (const line of stdout.split(/\r?\n/).filter(Boolean)) {
+    try {
+      const message = JSON.parse(line);
+      const content = message.result?.content ?? message.content;
+      if (Array.isArray(content)) {
+        return content.map((entry) => entry.text ?? entry.content ?? JSON.stringify(entry)).join('\n');
+      }
+      if (typeof content === 'string') return content;
+      if (message.result !== undefined) return JSON.stringify(message.result);
+    } catch {
+      // Non-JSON diagnostic output from MCP server startup is ignored.
+    }
+  }
+  return '';
+}
+function parseMcpResourceOutput(stdout = '') {
+  for (const line of stdout.split(/\r?\n/).filter(Boolean)) {
+    try {
+      const message = JSON.parse(line);
+      const contents = message.result?.contents ?? message.contents;
+      if (Array.isArray(contents)) {
+        return contents.map((entry) => entry.text ?? entry.content ?? entry.blob ?? JSON.stringify(entry)).join('\n');
+      }
+      if (typeof contents === 'string') return contents;
+      if (message.result !== undefined) return JSON.stringify(message.result);
+    } catch {
+      // Non-JSON diagnostic output from MCP server startup is ignored.
+    }
+  }
+  return '';
+}
+function parseMcpToolsOutput(stdout = '') {
+  for (const line of stdout.split(/\r?\n/).filter(Boolean)) {
+    try {
+      const message = JSON.parse(line);
+      if (Array.isArray(message.result?.tools)) return message.result.tools;
+      if (Array.isArray(message.tools)) return message.tools;
+    } catch {
+      // Non-JSON diagnostic output from MCP server startup is ignored.
+    }
+  }
+  return [];
+}
+export function skillMcpTools(config = {}) {
+  return (config.includeTools ?? []).map((name) => ({
+    name,
+    description: `Tool from skill MCP server ${config.command || config.url || ''}`.trim(),
+  }));
+}
+export function parseMcpToolName(name) {
+  const match = name.match(/^mcp__([^_]+(?:_[^_]+)*)__([\s\S]+)$/);
+  if (!match) return undefined;
+  return { serverName: match[1], toolName: match[2] };
+}