npm - @peekdev/mcp - Versions diffs - 0.1.0-alpha.10 → 0.1.0-alpha.12 - Mend

@peekdev/mcp 0.1.0-alpha.10 → 0.1.0-alpha.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +40 -25
package/package.json +9 -3

package/README.md CHANGED Viewed

@@ -30,7 +30,7 @@ Read on if you're configuring the MCP server manually, building tooling against
 ## What this is NOT
 - Not a remote MCP server. Peek is **local-only**: stdio transport over a child-process pipe. There is no HTTP listener, no SSE endpoint, no remote auth. The MCP transport spec's Streamable HTTP variant is out of scope by design.
-- Not a write-by-default tool. Read tools are unauthenticated; write tools (clicks, inputs, navigation, destructive actions) require explicit per-action authorization, recorded in `~/.peek/audit.log`.
+- Not a write-by-default tool. Read tools are unauthenticated. The write tools (`execute_action`, `request_authorization`) are defined on the MCP surface and gated by the permission model + destructive blocklist + audit-log writer — but the cross-process IPC that delivers them to the browser native host is **in development**. Calling `execute_action` against `peek-mcp@0.1.0-alpha.10` returns `bridge not wired in this MCP process`; peek is effectively read-only until that bridge lands.
 - Not a wrapper around Chrome DevTools Protocol. The server reads recorded events from SQLite; the extension owns capture. No live `chrome.debugger` access from the MCP server.
 ## Manual MCP-client config
@@ -42,45 +42,60 @@ If `peek init` doesn't recognize your client, paste this into your client's MCP
   "mcpServers": {
     "peek": {
       "command": "npx",
-      "args": ["-y", "@peekdev/mcp"],
-      "env": {
-        "PEEK_HOME": "~/.peek"
-      }
+      "args": ["-y", "@peekdev/mcp"]
     }
   }
 }
 ```
-For Claude Code, this goes in `~/.claude/mcp_servers.json` (per-project) or via `claude mcp add`. For Cursor: `~/Library/Application Support/Cursor/User/mcp_servers.json` (macOS). For Continue: in your `~/.continue/config.json` under `experimental.modelContextProtocolServers`.
+`PEEK_HOME` defaults to `~/.peek`; set it via `env` only if you want a non-default capture directory.
+The per-user config paths `peek init` writes to (canonical, see `packages/peek-cli/src/lib/init-config.ts`):
+| Client | Path |
+|---|---|
+| Claude Code | `~/.claude.json` (or `claude mcp add`) |
+| Cursor | `~/.cursor/mcp.json` |
+| VS Code (MCP) | `~/.vscode/mcp.json` |
+| Windsurf | `~/.codeium/windsurf/mcp_config.json` |
+| Cline | `~/cline_mcp_settings.json` |
 ## What the AI agent can do
 | Tool | Action | Authorization |
 |---|---|---|
-| `list_sessions` | List recent recording sessions | none |
-| `get_session_metadata` | Get one session's metadata + counts | none |
-| `get_session_console_errors` | Filter console messages by level / time | none |
-| `get_session_network_errors` | Filter failed network requests (status >= 400) | none |
-| `get_session_events` | Return rrweb event slices for a time window | none |
+| `list_recent_sessions` | List recently recorded sessions, newest first (id, origin, ts, event count) | none |
+| `get_session_summary` | LLM-readable narrative summary of a session | none |
+| `get_session_console_errors` | List console errors recorded in a session | none |
+| `get_session_network_errors` | List failed/notable network requests in a session | none |
+| `get_user_action_before_error` | Last N user actions before a console error | none |
+| `generate_playwright_repro` | Generate a runnable Playwright test from a session | none |
 | `get_dom_snapshot` | Reconstruct the DOM at a given timestamp | none |
-| `search_session` | Free-text search across console + network for a session | none |
-| `generate_playwright_repro` | Emit a Playwright `.spec.ts` reproducing user actions | none |
-| `execute_action` | Click / input / navigate in the live tab | per-action user prompt |
-| `request_authorization` | Ask the user to permit a destructive action | per-action user prompt |
+| `query_dom_history` | Timeline of attribute/text changes for a selector | none |
+| `request_authorization` | Side-panel consent for write actions (Level 3) | per-action user prompt |
+| `execute_action` | Dispatch a UI action (gated by permission level + destructive blocklist) | permission level + destructive blocklist |
 The full tool list is exposed via the MCP `tools/list` request (spec 2025-11-25 + back-compat for 2025-03-26). Tool docs ship with the binary via `tools/list` response `description` fields.
 ## Permission model (the five levels)
-| Level | What it allows | Default |
-|---|---|---|
-| 1 — Read | Query the DB, reconstruct DOM, search events | enabled |
-| 2 — Read with confirm | (none currently mapped) | n/a |
-| 3 — Constrained write | Click whitelisted selectors | disabled |
-| 4 — Broad write | Click any selector, type text, navigate | disabled |
-| 5 — Destructive | Submit forms, navigate cross-origin, file uploads | disabled |
+Per-origin, 5 levels (0–4). Default is **Level 1 — Read-only**. Higher levels are opt-in per origin.
+| Level | Name | What it allows | Default |
+|---|---|---|---|
+| 0 | Off | Recording suppressed, tool surface disabled for the origin | |
+| 1 | Read-only | Read recorded sessions; no action execution | enabled |
+| 2 | Suggest-only | Read + highlight DOM via overlay; no DOM mutation | |
+| 3 | Act-with-confirm | Read + execute actions, each prompting Allow once / Always for this site / Deny | |
+| 4 | YOLO this session | Read + execute non-destructive actions with no prompt (auto-expires on tab close or 60 min) | |
+At **Level 3** every `execute_action` call prompts the user via the side-panel banner (unless a one-shot `confirmToken` from a prior `request_authorization` is passed). At **Level 4 (YOLO)** non-destructive actions are auto-allowed with no prompt. Levels 0–2 deny `execute_action`.
+**Destructive-action blocklist (cross-level override)** — independent of the level, any action whose resolved target text/label matches a destructive term (`delete`, `remove`, `transfer`, `send`, `pay`, `withdraw`, etc. — full base list in `permissions/destructive.ts`, extensible via `~/.peek/policy.json`) **always** prompts for confirmation. This overrides all levels, including Level 4 YOLO — it is not a separate "Level 5".
+Every `execute_action` and `request_authorization` call is appended to `~/.peek/audit.log` (JSONL, mode 0600 — `peek audit log --json` prints it), including denied ones.
-Levels 3-5 require explicit per-action authorization via `request_authorization`. Every authorized action is appended to `~/.peek/audit.log` (JSONL — `peek audit log --json` prints it). There is a hardcoded destructive-action blocklist (`window.close`, `document.write`, etc.) that cannot be authorized.
+**Shipped today (alpha.10) vs queued for a follow-up alpha:** the five-level model, the destructive blocklist, and the audit-log writer all ship — they're enforced inside `peek-mcp` and observable via `~/.peek/audit.log`. The cross-process IPC that lets `execute_action` actually fire a click in the browser (`LocalSocketHostBridge`) is **not yet wired**; calling `execute_action` against alpha.10 returns the `bridge not wired in this MCP process` error. Track the bridge work via [issues on the rrweb-stack repo](https://github.com/Cubenest/rrweb-stack/issues).
 ## Database
@@ -95,8 +110,8 @@ For consumers building tooling on top of peek:
 ```ts
 import { generatePlaywrightRepro } from '@peekdev/mcp/mcp/playwright-repro';
 import { loadSessionEvents } from '@peekdev/mcp/mcp/event-blobs';
-import { openDb } from '@peekdev/mcp/db';
-import { startNativeHost } from '@peekdev/mcp/native-host';
+import { openDb, peekHomeDir } from '@peekdev/mcp/db';
+import { buildManifest, installManifests } from '@peekdev/mcp/native-host';
 ```
 These are the subpath exports the `@peekdev/cli` package uses. API surface is small but stable.

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@peekdev/mcp",
-  "version": "0.1.0-alpha.10",
-  "description": "peek native messaging host + stdio MCP server. Owns ~/.peek/sessions.db (better-sqlite3) and bridges the browser extension, CLI, and AI tools to a single local source of truth (ADR-0007).",
+  "version": "0.1.0-alpha.12",
+  "description": "peek native messaging host + stdio MCP server. Owns ~/.peek/sessions.db (better-sqlite3) and bridges the browser extension, CLI, and AI tools to a single local source of truth.",
   "keywords": [
     "peek",
     "mcp",
@@ -58,7 +58,7 @@
     "@modelcontextprotocol/sdk": "^1.29.0",
     "better-sqlite3": "^12.10.0",
     "zod": "^3.25.76",
-    "@cubenest/rrweb-core": "0.1.0-alpha.4"
+    "@cubenest/rrweb-core": "0.1.0-alpha.5"
   },
   "devDependencies": {
     "@types/better-sqlite3": "^7.6.13",
@@ -73,7 +73,13 @@
     "url": "https://github.com/Cubenest/rrweb-stack",
     "directory": "packages/peek-mcp"
   },
+  "bugs": {
+    "url": "https://github.com/Cubenest/rrweb-stack/issues"
+  },
   "homepage": "https://peek.cubenest.in",
+  "engines": {
+    "node": ">=20.18.0"
+  },
   "scripts": {
     "build": "tsc -p tsconfig.json && node ./scripts/postbuild.mjs",
     "typecheck": "tsc -p tsconfig.json --noEmit",