@opentabs-dev/mcp-server 0.0.63 → 0.0.65

package/dist/prompts/plugin-icon.js

@@ -0,0 +1,147 @@
+/**
+ * plugin_icon prompt — workflow for adding or updating an SVG icon for an OpenTabs plugin.
+ */
+export const pluginIconPromptText = (plugin) => `Add or update the SVG icon for the **${plugin}** OpenTabs plugin. Follow the full workflow below.
+
+---
+
+## How Plugin Icons Work
+
+Plugin icons are **discovered by convention** during \`opentabs-plugin build\`. The build tool looks for \`icon.svg\` at the **plugin root directory** (next to \`package.json\`).
+
+### Icon File Layout
+
+| File | Purpose | If absent |
+|---|---|---|
+| \`icon.svg\` | Light mode active icon | Letter avatar fallback |
+| \`icon-inactive.svg\` | Light mode inactive icon | Auto-generated (grayscale via BT.709) |
+| \`icon-dark.svg\` | Dark mode active icon | Auto-generated (lightness inversion for low-contrast colors) |
+| \`icon-dark-inactive.svg\` | Dark mode inactive icon | Auto-generated (grayscale of dark variant) |
+
+### Icon Pipeline
+
+\`\`\`
+icon.svg + icon-dark.svg (plugin root)
+  → opentabs-plugin build (validates, minifies, auto-generates missing variants)
+    → dist/tools.json (iconSvg / iconInactiveSvg / iconDarkSvg / iconDarkInactiveSvg)
+      → MCP server loads from tools.json → Chrome extension → side panel
+\`\`\`
+
+### Dark Mode Auto-Generation
+
+When \`icon-dark.svg\` is not provided, the build tool adapts colors with insufficient WCAG contrast (< 3:1) against the dark card background (\`#242424\`). Colors with sufficient contrast pass through unchanged — colorful brand icons (Slack, Discord) stay untouched, while monochrome dark icons have their lightness inverted in HSL space.
+
+**Provide explicit \`icon-dark.svg\` when:** the brand provides official light/dark variants, or auto-generation doesn't produce a satisfactory result.
+
+---
+
+## SVG Requirements
+
+The build tool (\`platform/plugin-tools/src/validate-icon.ts\`) enforces:
+
+| Constraint | Rule |
+|---|---|
+| File size | <= 8 KB |
+| viewBox | Must be present |
+| viewBox shape | Must be **square** (width === height) |
+| Forbidden elements | No \`<image>\`, no \`<script>\` |
+| Forbidden attributes | No event handlers (\`onclick\`, \`onload\`, etc.) |
+
+Custom inactive icons must additionally use only achromatic colors (grays, black, white).
+
+---
+
+## Step 1: Obtain the Source SVG
+
+Get the brand SVG from the service's official brand assets page. Prefer:
+- The **icon-only** variant (no wordmark/lockup)
+- A **single-color** version (works best at small sizes)
+- The **dark/black** variant for \`icon.svg\` (light mode has a light background)
+- If the brand provides separate light and dark variants, use dark-colored for \`icon.svg\` and light-colored for \`icon-dark.svg\`
+
+**Watch out for fake SVGs**: Some downloads are rasterized PNGs embedded inside SVG wrappers (\`<image>\` with base64 \`data:image/png\`). These fail validation. A real vector SVG contains \`<path>\`, \`<circle>\`, \`<rect>\`, etc.
+
+### Fallback: Simple Icons
+
+If official brand assets don't provide a usable vector SVG, use **Simple Icons**:
+
+\`\`\`
+https://raw.githubusercontent.com/simple-icons/simple-icons/develop/icons/<name>.svg
+\`\`\`
+
+Use WebFetch to download, then clean up:
+- Remove \`role="img"\` from \`<svg>\`
+- Remove \`<title>\` element
+- Add \`fill="black"\` to the \`<path>\`
+- The viewBox is already square (\`0 0 24 24\`)
+
+Simple Icons are CC0 (public domain).
+
+---
+
+## Step 2: Prepare the SVG
+
+### Non-Square viewBox (most common issue)
+
+Expand the viewBox to a square and center content using the min-x/min-y offset:
+
+For \`0 0 W H\` where \`W > H\`: \`viewBox="0 -(W-H)/2 W W"\`
+For \`0 0 W H\` where \`H > W\`: \`viewBox="-(H-W)/2 0 H H"\`
+
+Example: \`0 0 98 96\` → \`viewBox="0 -1 98 98"\`
+
+### Cleanup
+
+Remove from \`<svg>\`: \`width\`, \`height\`, Figma/Illustrator metadata.
+Keep: \`xmlns="http://www.w3.org/2000/svg"\`, \`viewBox\`.
+
+### Clip Paths
+
+If a \`<clipPath>\` clips to the original non-square dimensions and you expanded the viewBox, evaluate whether the clip path is still needed — often it can be removed.
+
+### File Size
+
+If > 8 KB: remove comments/metadata, simplify paths, reduce decimal precision, remove redundant \`<g>\` wrappers.
+
+---
+
+## Step 3: Place the Icons
+
+\`\`\`
+plugins/${plugin}/icon.svg              # Required
+plugins/${plugin}/icon-dark.svg         # Optional — dark mode active
+plugins/${plugin}/icon-inactive.svg     # Optional — light mode inactive override
+plugins/${plugin}/icon-dark-inactive.svg # Optional — dark mode inactive override
+\`\`\`
+
+Only \`icon.svg\` is required. All other variants are auto-generated if absent.
+
+---
+
+## Step 4: Build
+
+\`\`\`bash
+cd plugins/${plugin}
+npm run build
+\`\`\`
+
+The build output confirms icon discovery. If validation fails, it reports specific errors.
+
+---
+
+## Step 5: Verify
+
+1. Check all icon variants are in \`dist/tools.json\`:
+
+\`\`\`bash
+node -e "const m = require('./dist/tools.json'); console.log('iconSvg:', !!m.iconSvg, 'iconInactiveSvg:', !!m.iconInactiveSvg, 'iconDarkSvg:', !!m.iconDarkSvg, 'iconDarkInactiveSvg:', !!m.iconDarkInactiveSvg)"
+\`\`\`
+
+2. Open the Chrome extension side panel and verify the icon renders correctly in both light and dark mode, in both active and inactive states.
+
+---
+
+## Write Learnings Back
+
+If you discover new SVG preparation techniques or icon gotchas, add them directly to this prompt file: \`platform/mcp-server/src/prompts/plugin-icon.ts\`.`;
+//# sourceMappingURL=plugin-icon.js.map

package/dist/prompts/plugin-icon.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"plugin-icon.js","sourceRoot":"","sources":["../../src/prompts/plugin-icon.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAClC,MAAc,EACN,EAAE,CAAC,wCAAwC,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;UA2GjD,MAAM;UACN,MAAM;UACN,MAAM;UACN,MAAM;;;;;;;;;;aAUH,MAAM;;;;;;;;;;;;;;;;;;;;;;2JAsBwI,CAAC"}

package/dist/prompts/setup-plugin.d.ts

@@ -0,0 +1,3 @@
+/** Prompt text for the `setup_plugin` prompt — plugin installation and configuration workflow. */
+export declare const setupPluginPromptText: (name: string) => string;
+//# sourceMappingURL=setup-plugin.d.ts.map

package/dist/prompts/setup-plugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup-plugin.d.ts","sourceRoot":"","sources":["../../src/prompts/setup-plugin.ts"],"names":[],"mappings":"AAAA,kGAAkG;AAElG,eAAO,MAAM,qBAAqB,GAAI,MAAM,MAAM,KAAG,MAmMpD,CAAC"}

package/dist/prompts/setup-plugin.js

@@ -0,0 +1,197 @@
+/** Prompt text for the `setup_plugin` prompt — plugin installation and configuration workflow. */
+export const setupPluginPromptText = (name) => {
+    const isFullPackageName = name.includes('/') || name.startsWith('opentabs-plugin-');
+    const packageName = isFullPackageName ? name : `opentabs-plugin-${name}`;
+    const pluginName = isFullPackageName ? name.replace(/^@[^/]+\//, '').replace(/^opentabs-plugin-/, '') : name;
+    return `Set up the **${pluginName}** OpenTabs plugin. Follow each step below.
+
+---
+
+## Step 1: Search for the Plugin
+
+Search npm to find the plugin package:
+
+\`\`\`bash
+opentabs plugin search ${pluginName}
+\`\`\`
+
+This lists matching packages with their descriptions and versions. Look for the official package (usually \`@opentabs-dev/${packageName}\` or \`${packageName}\`).
+
+If the search returns no results, the plugin may not be published to npm. Check if the user has a local plugin directory to add instead.
+
+---
+
+## Step 2: Install the Plugin
+
+Install the plugin via the CLI:
+
+\`\`\`bash
+opentabs plugin install ${packageName}
+\`\`\`
+
+This installs the package globally and triggers plugin rediscovery. The MCP server picks it up automatically (no restart needed).
+
+**If the install fails:**
+- Check the package name is correct
+- Check npm registry access: \`npm ping\`
+- For scoped packages, ensure the user is authenticated: \`npm whoami\`
+
+For local plugins (under active development), add the path instead:
+
+\`\`\`bash
+opentabs config set localPlugins.add /path/to/plugin
+\`\`\`
+
+---
+
+## Step 3: Open the Target Web App
+
+The user needs to open the web app that the plugin targets in a Chrome browser tab. The plugin's URL patterns determine which tabs it matches.
+
+Ask the user to navigate to the appropriate URL in their browser.
+
+---
+
+## Step 4: Verify Plugin Loaded
+
+Check that the plugin was discovered and a matching tab is ready:
+
+\`\`\`
+plugin_list_tabs(plugin: "${pluginName}")
+\`\`\`
+
+Expected result:
+- The plugin appears in the list
+- \`state\` is \`ready\` (the tab matches and the plugin's \`isReady()\` returned true)
+- At least one tab is shown with \`ready: true\`
+
+**If the plugin is not listed:**
+- Check the server logs: \`opentabs logs\`
+- The plugin may have failed to load (missing \`dist/adapter.iife.js\`, invalid \`package.json\`, etc.)
+
+**If state is \`unavailable\`:**
+- The user may need to log in to the web app first
+- Wait a few seconds for the page to finish loading, then re-check
+
+**If state is \`closed\`:**
+- No open tab matches the plugin's URL patterns
+- Ask the user to open the correct URL
+
+---
+
+## Step 5: Review the Plugin
+
+New plugins start with permission \`off\` (disabled) and must be reviewed before use. This is a security measure — the plugin adapter runs code in the user's authenticated browser session.
+
+### 5a. Inspect the plugin's adapter code:
+
+\`\`\`
+plugin_inspect(plugin: "${pluginName}")
+\`\`\`
+
+This returns the full adapter IIFE source code, metadata (name, version, author, line count), and a review token.
+
+### 5b. Review the code for security concerns:
+
+Check for:
+- **Network requests**: Are they only to the expected API domains? No exfiltration to third-party servers?
+- **Data access**: Does it only read data relevant to its tools? No excessive localStorage/cookie reading?
+- **DOM manipulation**: Does it only interact with the target web app's UI? No injecting external scripts?
+- **Permissions**: Does it request only the capabilities it needs?
+
+### 5c. Mark the plugin as reviewed:
+
+After reviewing and confirming with the user:
+
+\`\`\`
+plugin_mark_reviewed(
+  plugin: "${pluginName}",
+  version: "<version from inspect>",
+  reviewToken: "<token from inspect>",
+  permission: "ask"
+)
+\`\`\`
+
+Use \`ask\` permission initially — this requires user approval for each tool call. The user can upgrade to \`auto\` later if they trust the plugin.
+
+---
+
+## Step 6: Test the Plugin
+
+Call a read-only tool first to verify everything works end-to-end:
+
+1. Check which tools are available — they are prefixed with \`${pluginName}_\` (e.g., \`${pluginName}_list_channels\`, \`${pluginName}_get_profile\`)
+2. Call a simple read-only tool (list, get, search) to verify:
+   - The tool dispatches to the browser tab
+   - The adapter extracts auth correctly
+   - The API call succeeds
+   - The response is well-formatted
+
+If the tool call fails, use the \`troubleshoot\` prompt for guided debugging.
+
+---
+
+## Step 7: Configure Permissions
+
+Once the plugin is working, help the user set permissions based on their trust level:
+
+### Plugin-level permission (applies to all tools):
+
+\`\`\`bash
+# Require approval for every tool call (default after review)
+opentabs config set plugin-permission.${pluginName} ask
+
+# Auto-approve all tool calls (skip approval dialogs)
+opentabs config set plugin-permission.${pluginName} auto
+
+# Disable the plugin
+opentabs config set plugin-permission.${pluginName} off
+\`\`\`
+
+### Per-tool permissions (override the plugin-level default):
+
+\`\`\`bash
+# Auto-approve read-only tools, require approval for write tools
+opentabs config set tool-permission.${pluginName}.list_channels auto
+opentabs config set tool-permission.${pluginName}.send_message ask
+\`\`\`
+
+### Permission resolution order:
+1. \`skipPermissions\` env var (bypasses everything — development only)
+2. Per-tool override (\`tool-permission.<plugin>.<tool>\`)
+3. Plugin default (\`plugin-permission.<plugin>\`)
+4. Global default: \`off\`
+
+---
+
+## Summary
+
+After completing all steps, the plugin is:
+- Installed and discovered by the MCP server
+- Loaded with a matching browser tab in \`ready\` state
+- Reviewed and approved with the appropriate permission level
+- Tested with at least one successful tool call
+- Configured with the user's preferred permission settings
+
+The plugin's tools are now available for use in your AI workflow.
+
+---
+
+## Step 8: Write Learnings Back
+
+If the setup process surfaced new patterns, gotchas, or common issues, write them back into the source files so future AI agents benefit automatically.
+
+**Where to write:**
+
+| What you learned | Write to |
+|---|---|
+| Installation or discovery issues | \`platform/mcp-server/src/resources/quick-start.ts\` |
+| Permission or review flow issues | \`platform/mcp-server/src/prompts/setup-plugin.ts\` (this prompt) |
+| New troubleshooting patterns | \`platform/mcp-server/src/resources/troubleshooting.ts\` |
+
+**Rules:**
+- Check for duplicates before adding — scan existing content
+- Keep learnings generic, not specific to a single plugin
+- Verify the server builds after editing: \`cd platform/mcp-server && npm run build\``;
+};
+//# sourceMappingURL=setup-plugin.js.map

package/dist/prompts/setup-plugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup-plugin.js","sourceRoot":"","sources":["../../src/prompts/setup-plugin.ts"],"names":[],"mappings":"AAAA,kGAAkG;AAElG,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,IAAY,EAAU,EAAE;IAC5D,MAAM,iBAAiB,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;IACpF,MAAM,WAAW,GAAG,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,mBAAmB,IAAI,EAAE,CAAC;IACzE,MAAM,UAAU,GAAG,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,mBAAmB,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE7G,OAAO,gBAAgB,UAAU;;;;;;;;;yBASV,UAAU;;;4HAGyF,WAAW,WAAW,WAAW;;;;;;;;;;;0BAWnI,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;4BA+BT,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;0BA6BZ,UAAU;;;;;;;;;;;;;;;;;;;aAmBvB,UAAU;;;;;;;;;;;;;;;gEAeyC,UAAU,gBAAgB,UAAU,uBAAuB,UAAU;;;;;;;;;;;;;;;;;;;wCAmB7F,UAAU;;;wCAGV,UAAU;;;wCAGV,UAAU;;;;;;;sCAOZ,UAAU;sCACV,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;sFAuCsC,CAAC;AACvF,CAAC,CAAC"}

package/dist/prompts/troubleshoot.d.ts

@@ -0,0 +1,3 @@
+/** Prompt text for the `troubleshoot` prompt — guided debugging workflow. */
+export declare const troubleshootPromptText: (error: string) => string;
+//# sourceMappingURL=troubleshoot.d.ts.map

package/dist/prompts/troubleshoot.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"troubleshoot.d.ts","sourceRoot":"","sources":["../../src/prompts/troubleshoot.ts"],"names":[],"mappings":"AAAA,6EAA6E;AAE7E,eAAO,MAAM,sBAAsB,GAAI,OAAO,MAAM,KAAG,MA6LtD,CAAC"}

package/dist/prompts/troubleshoot.js

@@ -0,0 +1,191 @@
+/** Prompt text for the `troubleshoot` prompt — guided debugging workflow. */
+export const troubleshootPromptText = (error) => {
+    const errorClause = error
+        ? `The user is experiencing this issue: "${error}"\n\nDiagnose this specific problem using the workflow below.`
+        : 'Run a general health check of the OpenTabs platform using the workflow below.';
+    return `${errorClause}
+
+---
+
+## Step 1: Check Extension Connectivity
+
+\`\`\`
+extension_get_state
+\`\`\`
+
+Verify the response shows the WebSocket is connected. Key fields to check:
+- \`connected\`: must be \`true\`
+- \`tabCount\`: number of tracked tabs
+- \`injectedAdapters\`: plugins with adapters injected into tabs
+
+**If the extension is not connected:**
+1. Verify the Chrome extension is loaded: the user should check \`chrome://extensions/\` and confirm OpenTabs is enabled
+2. Verify the MCP server is running: \`opentabs status\`
+3. Check if the extension needs to be reloaded: the user should click the refresh icon on the OpenTabs extension card at \`chrome://extensions/\`
+4. Check if the side panel is open — opening the OpenTabs side panel triggers the WebSocket connection
+5. If the extension was recently updated, the user needs to reload it and reopen the side panel
+
+---
+
+## Step 2: Check Plugin State and Tab Readiness
+
+\`\`\`
+plugin_list_tabs
+\`\`\`
+
+This returns all loaded plugins with their tab states. For each plugin, verify:
+- **state**: \`ready\` means a matching tab is open and the plugin's \`isReady()\` returned true
+- **state**: \`unavailable\` means a matching tab exists but \`isReady()\` returned false (auth issue, page still loading)
+- **state**: \`closed\` means no tab matches the plugin's URL patterns
+
+**If the target plugin is not listed:**
+- The plugin may not be installed: \`opentabs plugin list\`
+- The plugin may have failed to load: check \`opentabs logs\` for discovery errors
+
+**If state is \`closed\`:**
+- The user needs to open the web app in a browser tab
+- The URL must match the plugin's URL patterns
+
+**If state is \`unavailable\`:**
+- The user may not be logged in to the web app
+- The page may still be loading — wait a few seconds and re-check
+- The plugin's \`isReady()\` function may have a bug
+
+---
+
+## Step 3: Check Plugin Permissions
+
+If the error mentions "not reviewed" or "permission":
+
+**Plugin not reviewed (permission is \`off\`):**
+1. Call \`plugin_inspect\` with the plugin name to retrieve the adapter source code and a review token
+2. Review the code for security concerns (network requests, data access, DOM manipulation)
+3. Ask the user to confirm the review
+4. Call \`plugin_mark_reviewed\` with the plugin name, version, review token, and desired permission (\`ask\` or \`auto\`)
+
+**Permission denied (user rejected approval):**
+- In \`ask\` mode, the user sees an approval dialog for each tool call. If they click "Deny", the tool returns a permission error
+- To avoid repeated prompts, the user can set the permission to \`auto\`:
+  \`\`\`bash
+  opentabs config set plugin-permission.<plugin> auto
+  \`\`\`
+- Or set per-tool permissions:
+  \`\`\`bash
+  opentabs config set tool-permission.<plugin>.<tool> auto
+  \`\`\`
+
+---
+
+## Step 4: Check for Timeout Issues
+
+If the error mentions "timeout" or "timed out":
+
+- The default dispatch timeout is 30 seconds. Tools that report progress get an extended window (timeout resets on each progress update, up to 5 minutes max)
+- Check if the tool is a long-running operation (e.g., large data export, file upload)
+- Check if the target web app is slow to respond — use \`browser_get_network_requests\` to inspect API latency
+- Check if the extension adapter is responsive:
+  \`\`\`
+  extension_check_adapter(plugin: "<plugin-name>")
+  \`\`\`
+
+---
+
+## Step 5: Check for Rate Limiting
+
+If the error mentions "rate limit" or includes \`retryAfterMs\`:
+
+- The target web app's API is throttling requests
+- Wait for the \`retryAfterMs\` duration before retrying
+- Reduce the frequency of tool calls to the affected plugin
+- Check if the web app has a rate limit dashboard or API usage page
+
+---
+
+## Step 6: Check for Tool Not Found
+
+If the error mentions "tool not found" or "unknown tool":
+
+- Verify the tool name uses the correct prefix: \`<plugin>_<tool>\` (e.g., \`slack_send_message\`)
+- Check if the plugin is installed and loaded: \`plugin_list_tabs\`
+- The plugin may have been updated and the tool renamed — check the plugin's tool list
+
+---
+
+## Step 7: Inspect Server and Extension Logs
+
+For deeper diagnosis, check the logs:
+
+\`\`\`
+extension_get_logs
+\`\`\`
+
+This returns recent extension logs including adapter injection events, WebSocket messages, and errors. Look for:
+- Adapter injection failures (CSP violations, script errors)
+- WebSocket disconnection events
+- Tool dispatch errors
+
+Also check the MCP server logs:
+\`\`\`bash
+opentabs logs
+\`\`\`
+
+---
+
+## Step 8: Browser-Level Diagnostics
+
+If the issue persists, use browser tools for deeper investigation:
+
+\`\`\`
+browser_get_console_logs(tabId: <tabId>)
+\`\`\`
+
+Check for JavaScript errors in the target web app's console.
+
+\`\`\`
+browser_enable_network_capture(tabId: <tabId>, urlFilter: "/api")
+\`\`\`
+
+Then reproduce the issue and check captured network requests:
+
+\`\`\`
+browser_get_network_requests(tabId: <tabId>)
+\`\`\`
+
+Look for failed API calls (4xx/5xx responses), CORS errors, or network timeouts.
+
+---
+
+## Quick Reference: Common Errors
+
+| Error | Likely Cause | Resolution |
+|-------|-------------|------------|
+| Extension not connected | Extension not loaded or side panel closed | Reload extension, open side panel |
+| Tab closed | No matching tab open | Open the web app in a browser tab |
+| Tab unavailable | User not logged in or page loading | Log in, wait, re-check |
+| Plugin not reviewed | Permission is \`off\` | Run the review flow (inspect → review → mark reviewed) |
+| Permission denied | User rejected approval dialog | Set permission to \`auto\` via CLI |
+| Dispatch timeout | Tool or API too slow | Check network, increase timeout, check adapter |
+| Rate limited | API throttling | Wait for retryAfterMs, reduce call frequency |
+| Tool not found | Wrong name or plugin not loaded | Verify plugin installed and tool name correct |
+| Concurrent dispatch limit | 5 active dispatches per plugin | Wait for in-flight tools to complete |
+
+---
+
+## Step 9: Write Learnings Back
+
+After resolving the issue, write any new troubleshooting patterns, error messages, or resolution steps back into the source files so future AI agents benefit automatically.
+
+**Where to write:**
+
+| What you learned | Write to |
+|---|---|
+| New error messages or resolution steps | \`platform/mcp-server/src/resources/troubleshooting.ts\` |
+| New diagnostic patterns or gotchas | \`platform/mcp-server/src/prompts/troubleshoot.ts\` (this prompt) |
+| Permission or config issues | \`platform/mcp-server/src/resources/cli.ts\` |
+
+**Rules:**
+- Check for duplicates before adding — scan existing error reference
+- Keep patterns generic, not specific to a single user's environment
+- Verify the server builds after editing: \`cd platform/mcp-server && npm run build\``;
+};
+//# sourceMappingURL=troubleshoot.js.map

package/dist/prompts/troubleshoot.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"troubleshoot.js","sourceRoot":"","sources":["../../src/prompts/troubleshoot.ts"],"names":[],"mappings":"AAAA,6EAA6E;AAE7E,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,KAAa,EAAU,EAAE;IAC9D,MAAM,WAAW,GAAG,KAAK;QACvB,CAAC,CAAC,yCAAyC,KAAK,+DAA+D;QAC/G,CAAC,CAAC,+EAA+E,CAAC;IAEpF,OAAO,GAAG,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;sFAuL+D,CAAC;AACvF,CAAC,CAAC"}

package/dist/reload.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"reload.d.ts","sourceRoot":"","sources":["../src/reload.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,wCAAwC,EAAE,MAAM,+DAA+D,CAAC;AAW9H,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAIxD,OAAO,KAAK,EAAqB,WAAW,EAAE,MAAM,YAAY,CAAC;AAGjE,oFAAoF;AACpF,UAAU,YAAY;IACpB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,EAAE,MAAM,CAAC;CAC9B;AA2UD;;;;;;;;;;;;;;GAcG;AACH,QAAA,MAAM,aAAa,GACjB,OAAO,WAAW,EAClB,gBAAgB,iBAAiB,EAAE,EACnC,YAAY,GAAG,CAAC,MAAM,EAAE,wCAAwC,CAAC,EACjE,aAAa,OAAO,KACnB,OAAO,CAAC,YAAY,CAkGtB,CAAC;AAEF;;;;;;;GAOG;AACH,QAAA,MAAM,mBAAmB,GACvB,OAAO,WAAW,EAClB,gBAAgB,iBAAiB,EAAE,EACnC,YAAY,GAAG,CAAC,MAAM,EAAE,wCAAwC,CAAC,KAChE,OAAO,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CA+BjD,CAAC;AAEF,YAAY,EAAE,YAAY,EAAE,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,CAAC"}
+{"version":3,"file":"reload.d.ts","sourceRoot":"","sources":["../src/reload.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,wCAAwC,EAAE,MAAM,+DAA+D,CAAC;AAW9H,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAGxD,OAAO,KAAK,EAAqB,WAAW,EAAE,MAAM,YAAY,CAAC;AAGjE,oFAAoF;AACpF,UAAU,YAAY;IACpB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,EAAE,MAAM,CAAC;CAC9B;AA+UD;;;;;;;;;;;;;;GAcG;AACH,QAAA,MAAM,aAAa,GACjB,OAAO,WAAW,EAClB,gBAAgB,iBAAiB,EAAE,EACnC,YAAY,GAAG,CAAC,MAAM,EAAE,wCAAwC,CAAC,EACjE,aAAa,OAAO,KACnB,OAAO,CAAC,YAAY,CAkGtB,CAAC;AAEF;;;;;;;GAOG;AACH,QAAA,MAAM,mBAAmB,GACvB,OAAO,WAAW,EAClB,gBAAgB,iBAAiB,EAAE,EACnC,YAAY,GAAG,CAAC,MAAM,EAAE,wCAAwC,CAAC,KAChE,OAAO,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CA+BjD,CAAC;AAEF,YAAY,EAAE,YAAY,EAAE,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,CAAC"}

package/dist/reload.js

@@ -20,9 +20,8 @@ import { startConfigWatching, startFileWatching, stopFileWatching } from './file
 import { sweepStaleSessions } from './http-routes.js';
 import { pruneStaleBuffers } from './log-buffer.js';
 import { log } from './logger.js';
-import { notifyToolListChanged, rebuildCachedBrowserTools, registerMcpHandlers } from './mcp-setup.js';
+import { notifyAllListsChanged, rebuildCachedBrowserTools, registerMcpHandlers } from './mcp-setup.js';
 import { buildRegistry } from './registry.js';
-import { isCliSkipPermissions } from './skip-permissions.js';
 import { checkForUpdates } from './version-check.js';
 /**
  * globalThis key for the reload serialization chain.
@@ -121,7 +120,7 @@ const pruneStaleState = (state) => {
 const createFileWatcherCallbacks = (state, sessionServers, transports) => {
     const notifyAllClients = () => {
         for (const srv of sessionServers) {
-            notifyToolListChanged(srv);
+            notifyAllListsChanged(srv);
         }
     };
     return {
@@ -175,6 +174,7 @@ const resetStaleReviewedVersions = (state) => {
             log.info(`Plugin "${pluginName}" updated from v${config.reviewedVersion} to v${plugin.version} — resetting permission to 'off'`);
             config.permission = 'off';
             config.reviewedVersion = undefined;
+            delete config.tools;
             resetCount++;
         }
     }
@@ -211,7 +211,10 @@ const reloadCore = async ({ state, sessionServers, transports }) => {
         const newPluginPermissions = { ...config.permissions };
         const newPluginPaths = [...config.localPlugins];
         const newDiscoveryErrors = errors;
-        const newSkipPermissions = isCliSkipPermissions();
+        // Preserve the runtime skipPermissions value — it may have been toggled
+        // via "Restore approvals" in the side panel. Only read the env var on
+        // initial startup (when state.skipPermissions is still the default).
+        const newSkipPermissions = state.skipPermissions;
         // Build the new cached browser tools on a staging object so a throw here
         // does not partially update state. rebuildCachedBrowserTools only reads
         // .browserTools and writes .cachedBrowserTools.
@@ -394,7 +397,7 @@ const performReload = async (state, sessionServers, transports, isHotReload) =>
             }
             log.info(`Hot reload: re-registered ${reregistered}/${sessionServers.length} session(s), notifying of list changes`);
             for (const srv of sessionServers) {
-                notifyToolListChanged(srv);
+                notifyAllListsChanged(srv);
             }
         }
         // Version check: async via `npm view`, best-effort on every reload
@@ -441,7 +444,7 @@ const performConfigReload = async (state, sessionServers, transports) => {
         // (performReload handles its own notification after handler re-registration,
         // so reloadCore itself does not notify — each caller is responsible.)
         for (const srv of sessionServers) {
-            notifyToolListChanged(srv);
+            notifyAllListsChanged(srv);
         }
         log.info(`Config reload complete: ${state.registry.plugins.size} plugin(s) in ${Date.now() - startTs}ms`);
         return { plugins: state.registry.plugins.size, durationMs: Date.now() - startTs };