@perfai/mcp 1.0.24

package/dist/tools/protected/showSecurityIssues.js

@@ -0,0 +1,212 @@
+import axios from "axios";
+import { API_ENDPOINTS } from "../../config.js";
+import { formatSecurityIssues } from "../../utils/formatters.js";
+export const showSecurityIssuesTool = {
+    name: "show_security_issues",
+    description: "🔒 List security issues for selected APP — filter by severity, status, and sort order (shows 20 at a time)",
+    inputSchema: {
+        type: "object",
+        properties: {
+            limit: {
+                type: "number",
+                description: "Number of issues to fetch (default: 20, max: 100)"
+            },
+            severities: {
+                type: "array",
+                items: { type: "string", enum: ["Low", "Medium", "High", "Critical"] },
+                description: "Filter by one or more severity levels e.g. [\"Critical\", \"High\"]"
+            },
+            status: {
+                type: "string",
+                enum: ["Open", "Dismissed"],
+                description: "Filter by issue status (default: Open)"
+            },
+            sort_by: {
+                type: "string",
+                enum: ["severity", "cvss", "method", "path", "type"],
+                description: "Field to sort by (default: severity)"
+            },
+            sort_order: {
+                type: "string",
+                enum: ["ASC", "DESC"],
+                description: "Sort direction (default: DESC — highest severity first)"
+            },
+            search: {
+                type: "string",
+                description: "Search issues by keyword (optional)"
+            },
+            cursor: {
+                type: "string",
+                description: "Pagination cursor for fetching next page (optional)"
+            }
+        },
+        additionalProperties: false,
+    },
+};
+export async function handleShowSecurityIssues(authManager, args) {
+    try {
+        const requestedLimit = args.limit;
+        const search = args.search?.trim();
+        const cursor = args.cursor;
+        const severities = args.severities || [];
+        const status = args.status || 'Open';
+        const sortBy = args.sort_by || 'severity';
+        const sortOrder = args.sort_order || 'DESC';
+        // Default to 20 issues if no limit specified
+        const limit = requestedLimit ? Math.min(requestedLimit, 100) : 20; // Default 20, max 100 per request
+        // Make authenticated request
+        const userInfo = authManager.getUserInfo();
+        const accessToken = authManager.getAccessToken();
+        const tokenType = authManager.getTokenType();
+        const orgId = authManager.getSelectedOrgId();
+        if (!accessToken) {
+            throw new Error('No access token available');
+        }
+        if (!orgId) {
+            // Debug info for user
+            const orgs = authManager.getOrganizations();
+            const sessionInfo = authManager.session ? `Session exists with ${Object.keys(authManager.session).join(', ')}` : 'No session';
+            throw new Error(`No organization selected. Debug: ${sessionInfo}. Organizations: ${orgs.length}. Selected: ${authManager.session?.selectedOrgId || 'none'}`);
+        }
+        // Always require selected APP
+        const selectedAppId = authManager.getSelectedApiId();
+        const selectedAppData = authManager.getSelectedApiData();
+        const selectedAppIdentifier = authManager.getSelectedApiIdentifier();
+        if (!selectedAppId) {
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: `❌ **No APP Selected**\n\n🎯 **Required**: You must select an APP first to view its security issues.\n\n📋 **Steps**:\n1. Run \`list_apps\` to see available APPs\n2. Run \`select_app\` with an APP ID\n3. Then run this tool again`,
+                    },
+                ],
+            };
+        }
+        // First, get the app details using the catalog ID to get the security_privacy_test_appId
+        const catalogUrl = `${API_ENDPOINTS.API_CATALOG_SERVICE_IDS}/${selectedAppId}`;
+        let appDetails;
+        try {
+            const catalogResponse = await axios.get(catalogUrl, {
+                headers: {
+                    'Authorization': `${tokenType} ${accessToken}`,
+                    'Content-Type': 'application/json',
+                    'X-Org-ID': orgId
+                },
+                timeout: 30000
+            });
+            if (catalogResponse.status !== 200 || !catalogResponse.data) {
+                throw new Error(`Failed to fetch app details with status ${catalogResponse.status}`);
+            }
+            appDetails = catalogResponse.data;
+            if (!appDetails.security_privacy_test_appId) {
+                throw new Error('No security_privacy_test_appId found for this app');
+            }
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : String(error);
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: `❌ **Error fetching app details**\n\n🔴 **Error**: ${errorMessage}\n\n💡 **Tip**: Make sure the selected app has security testing enabled.`,
+                    },
+                ],
+            };
+        }
+        // Use the security_privacy_test_appId for fetching security issues
+        const securityAppId = appDetails.security_privacy_test_appId;
+        // Store the security app ID for use in other tools (like runSecurityTest)
+        authManager.setSelectedSecurityAppId(securityAppId);
+        // Build query with all supported API params
+        const params = new URLSearchParams();
+        params.set('app_id', securityAppId);
+        params.set('limit', String(limit));
+        params.set('sortBy', sortBy);
+        params.set('sortOrder', sortOrder);
+        if (cursor)
+            params.set('cursor', cursor);
+        if (search)
+            params.set('search', search);
+        severities.forEach((s) => params.append('severities[]', s));
+        if (status === 'Dismissed')
+            params.set('isDismissed', 'true');
+        const issuesUrl = `${API_ENDPOINTS.SECURITY_ISSUES_BY_APP}?${params.toString()}`;
+        console.error('🔍 Debug: Fetching security issues');
+        const authHeaders = {
+            'Authorization': `${tokenType} ${accessToken}`,
+            'Content-Type': 'application/json',
+            'X-Org-ID': orgId
+        };
+        let response;
+        try {
+            response = await axios.get(issuesUrl, { headers: authHeaders, timeout: 30000 });
+        }
+        catch (err) {
+            if (cursor && err?.response?.status === 500) {
+                const retryParams = new URLSearchParams(params);
+                retryParams.delete('cursor');
+                response = await axios.get(`${API_ENDPOINTS.SECURITY_ISSUES_BY_APP}?${retryParams.toString()}`, { headers: authHeaders, timeout: 30000 });
+            }
+            else {
+                throw err;
+            }
+        }
+        if (response.status !== 200 || !response.data) {
+            throw new Error(`Request failed with status ${response.status}`);
+        }
+        const issues = response.data.data || [];
+        const allIssues = issues;
+        let currentCursor = response.data.nextCursor || null;
+        let hasMore = response.data.hasMore || false;
+        if (issues.length < limit) {
+            hasMore = false;
+            currentCursor = null;
+        }
+        const appDisplayName = selectedAppData?.label || selectedAppData?.api_name || appDetails?.api_name || selectedAppId || '';
+        const moreInfo = hasMore ? ' (more available)' : '';
+        const selectedOrg = authManager.getOrganizations().find((org) => org.org_id === orgId);
+        const orgName = selectedOrg?.orgDetails?.name || orgId || '';
+        const activeFilters = [];
+        if (severities.length)
+            activeFilters.push(`severities: ${severities.join(', ')}`);
+        if (status !== 'Open')
+            activeFilters.push(`status: ${status}`);
+        if (search)
+            activeFilters.push(`search: "${search}"`);
+        activeFilters.push(`sort: ${sortBy} ${sortOrder}`);
+        const filterInfo = `🎯 **APP**: ${appDisplayName}  |  🏢 **Org**: ${orgName}\n` +
+            `🔽 **Filters**: ${activeFilters.join(' | ')}\n` +
+            `📊 **Issues shown**: ${allIssues.length}${moreInfo}\n\n`;
+        const formattedText = formatSecurityIssues(allIssues, userInfo, search, hasMore, currentCursor);
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: filterInfo + formattedText,
+                },
+            ],
+        };
+    }
+    catch (error) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        // Check if it's a 500 error specifically
+        if (errorMessage.includes('500')) {
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: `❌ **Server Error (500)**\n\n🔴 **Error**: ${errorMessage}\n\n💡 **Possible Causes**:\n• Invalid pagination cursor\n• Server temporarily unavailable\n• Rate limiting\n\n🔄 **Try**:\n1. Run \`show_security_issues\` without cursor to get fresh results\n2. Wait a few minutes and try again\n3. Check if your authentication is still valid`,
+                    },
+                ],
+            };
+        }
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: `❌ **Error fetching security issues**\n\n🔴 **Error**: ${errorMessage}\n\n💡 **Tip**: Make sure you're authenticated and have access to security data.\n\n🔄 **Try**: Re-running the 'login' tool if the error persists.`,
+                },
+            ],
+        };
+    }
+}

package/dist/tools/protected/summarizeIssues.d.ts

@@ -0,0 +1,11 @@
+export declare const summarizeIssuesTool: {
+    readonly name: "summarize_issues";
+    readonly description: "📊 Get a full summary dashboard for the selected APP — security risk, design issues, quality issues, attack surface, bug bounty savings, and coverage (requires authentication)";
+    readonly inputSchema: {
+        readonly type: "object";
+        readonly properties: {};
+        readonly additionalProperties: false;
+    };
+};
+export declare function handleSummarizeIssues(authManager: any): Promise<any>;
+//# sourceMappingURL=summarizeIssues.d.ts.map

package/dist/tools/protected/summarizeIssues.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"summarizeIssues.d.ts","sourceRoot":"","sources":["../../../src/tools/protected/summarizeIssues.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,mBAAmB;;;;;;;;CAQtB,CAAC;AAcX,wBAAsB,qBAAqB,CAAC,WAAW,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CA6I1E"}

package/dist/tools/protected/summarizeIssues.js

@@ -0,0 +1,161 @@
+import axios from "axios";
+import { API_ENDPOINTS } from "../../config.js";
+export const summarizeIssuesTool = {
+    name: "summarize_issues",
+    description: "📊 Get a full summary dashboard for the selected APP — security risk, design issues, quality issues, attack surface, bug bounty savings, and coverage (requires authentication)",
+    inputSchema: {
+        type: "object",
+        properties: {},
+        additionalProperties: false,
+    },
+};
+function fmt(n, prefix = '') {
+    if (n === undefined || n === null)
+        return 'N/A';
+    return prefix + n.toLocaleString();
+}
+function fmtMoney(n) {
+    if (!n)
+        return '$0';
+    if (n >= 1_000_000)
+        return `$${(n / 1_000_000).toFixed(1)}M`;
+    if (n >= 1_000)
+        return `$${(n / 1_000).toFixed(1)}K`;
+    return `$${n}`;
+}
+export async function handleSummarizeIssues(authManager) {
+    try {
+        const accessToken = authManager.getAccessToken();
+        const tokenType = authManager.getTokenType();
+        const orgId = authManager.getSelectedOrgId();
+        if (!accessToken)
+            throw new Error('No access token available');
+        if (!orgId)
+            throw new Error('No organization selected. Use manage_organizations first.');
+        const selectedAppId = authManager.getSelectedApiId();
+        const selectedAppData = authManager.getSelectedApiData();
+        if (!selectedAppId) {
+            return {
+                content: [{
+                        type: "text",
+                        text: `❌ **No APP Selected**\n\n🎯 Select an APP first.\n\n📋 Steps:\n1. Run \`list_apps\`\n2. Run \`select_app\`\n3. Then run \`summarize_issues\``,
+                    }],
+            };
+        }
+        const url = `${API_ENDPOINTS.APP_SUMMARY}/${selectedAppId}`;
+        const authHeaders = {
+            'Authorization': `${tokenType} ${accessToken}`,
+            'Content-Type': 'application/json',
+            'X-Org-ID': orgId,
+        };
+        const response = await axios.get(url, { headers: authHeaders, timeout: 30000 });
+        if (response.status !== 200 || !response.data) {
+            throw new Error(`Summary request failed with status ${response.status}`);
+        }
+        const d = response.data;
+        const appName = selectedAppData?.label || d.latest_run?.api_name || selectedAppId;
+        const selectedOrg = authManager.getOrganizations().find((org) => org.org_id === orgId);
+        const orgName = selectedOrg?.orgDetails?.name || orgId;
+        const sec = d.security_summary || {};
+        const des = d.design_summary || {};
+        const qua = d.spec_validation_summary || {};
+        const run = d.latest_run || {};
+        const bug = d.bugBounty?.active || {};
+        const lines = [];
+        // Header
+        lines.push(`📊 **${appName}** — Issue Summary`);
+        lines.push(`🏢 **Org**: ${orgName}  |  🕐 **Last run**: ${run.run_dt ? new Date(run.run_dt).toLocaleString() : 'N/A'}  |  🔁 **Run #${run.run_number ?? 'N/A'}**`);
+        lines.push(`📋 **Status**: ${d.registrationStatus || 'Unknown'}  |  📅 **Schedule**: ${d.scheduleType || 'N/A'}  |  🎯 **Coverage**: ${d.final_coverage !== undefined ? d.final_coverage + '%' : 'N/A'}`);
+        // ── Security Risk ────────────────────────────────────────────────────────
+        lines.push(`\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━`);
+        lines.push(`🔒 **SECURITY RISK**`);
+        lines.push(`━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━`);
+        const secCritHigh = (sec.total_critical || 0) + (sec.total_high || 0);
+        const secMedLow = (sec.total_medium || 0) + (sec.total_low || 0);
+        lines.push(`  🔴 Critical/High : ${secCritHigh}  ${secCritHigh > 0 ? '← Immediate action required' : '✅ None'}`);
+        lines.push(`  🟡 Medium/Low    : ${secMedLow}`);
+        lines.push(`  ✅ Fixed         : ${fmt(sec.total_fixed_issues)}`);
+        lines.push(`  🚫 Dismissed     : ${fmt(sec.total_dismissed_issues)}`);
+        lines.push(`  📊 Total         : ${fmt(sec.total_issues)}`);
+        // Bug bounty
+        const totalSavings = bug.totalSavings || 0;
+        if (totalSavings > 0) {
+            const bySev = bug.savingsBySeverity || {};
+            lines.push(`\n  💰 **Bug Bounty Savings**: ${fmtMoney(totalSavings)} potential costs avoided`);
+            if (bySev.Critical)
+                lines.push(`       Critical: ${fmtMoney(bySev.Critical)}`);
+            if (bySev.High)
+                lines.push(`       High:     ${fmtMoney(bySev.High)}`);
+            if (bySev.Medium)
+                lines.push(`       Medium:   ${fmtMoney(bySev.Medium)}`);
+        }
+        // ── Design Issues ────────────────────────────────────────────────────────
+        lines.push(`\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━`);
+        lines.push(`🎨 **APPLICATION DESIGN ISSUES**`);
+        lines.push(`━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━`);
+        lines.push(`  🔴 Critical : ${fmt(des.total_critical)}`);
+        lines.push(`  🟠 High     : ${fmt(des.total_high)}`);
+        lines.push(`  🟡 Medium   : ${fmt(des.total_medium)}`);
+        lines.push(`  📊 Total    : ${fmt(des.total_issues)}`);
+        // ── Quality / Spec Validation ────────────────────────────────────────────
+        lines.push(`\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━`);
+        lines.push(`🔍 **QUALITY / SPEC VALIDATION**`);
+        lines.push(`━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━`);
+        if ((qua.total_issues || 0) === 0) {
+            lines.push(`  ✅ No quality issues — specifications look good`);
+        }
+        else {
+            lines.push(`  🚨 Blocker  : ${fmt(qua.total_blocker)}`);
+            lines.push(`  🔴 Critical : ${fmt(qua.total_critical)}`);
+            lines.push(`  🟠 High     : ${fmt(qua.total_high)}`);
+            lines.push(`  🟡 Medium   : ${fmt(qua.total_medium)}`);
+            lines.push(`  📊 Total    : ${fmt(qua.total_issues)}`);
+        }
+        // ── Attack Surface ───────────────────────────────────────────────────────
+        lines.push(`\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━`);
+        lines.push(`🗺️  **ATTACK SURFACE**`);
+        lines.push(`━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━`);
+        lines.push(`  📡 Endpoints      : ${fmt(run.total_endpoints)}`);
+        lines.push(`  👤 Roles tested   : ${fmt(d.unique_privileges?.length)}${d.unique_privileges?.length ? ` (${d.unique_privileges.join(', ')})` : ''}`);
+        lines.push(`  🔬 Security tests : ${fmt(d.testDataSecurityCount)}`);
+        lines.push(`  🔒 Sensitive data types : ${fmt(d.total_pii)}`);
+        if (run.total_endpoints) {
+            lines.push(`\n  HTTP Methods:`);
+            if (run.total_get)
+                lines.push(`    GET    : ${run.total_get}`);
+            if (run.total_post)
+                lines.push(`    POST   : ${run.total_post}`);
+            if (run.total_put)
+                lines.push(`    PUT    : ${run.total_put}`);
+            if (run.total_patch)
+                lines.push(`    PATCH  : ${run.total_patch}`);
+            if (run.total_delete)
+                lines.push(`    DELETE : ${run.total_delete}`);
+        }
+        // ── Version ──────────────────────────────────────────────────────────────
+        if (d.semVer || d.calVer) {
+            lines.push(`\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━`);
+            lines.push(`📦 **VERSION**`);
+            lines.push(`━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━`);
+            if (d.semVer)
+                lines.push(`  SemVer  : ${d.semVer}`);
+            if (d.calVer)
+                lines.push(`  CalVer  : ${d.calVer}`);
+            if (d.total_releases !== undefined)
+                lines.push(`  Releases: ${d.total_releases}`);
+        }
+        lines.push(`\n💡 Use \`show_security_issues\`, \`show_design_issues\`, or \`show_quality_issues\` to see individual issues.`);
+        return {
+            content: [{ type: "text", text: lines.join('\n') }],
+        };
+    }
+    catch (error) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        return {
+            content: [{
+                    type: "text",
+                    text: `❌ **Error fetching issue summary**\n\n🔴 **Error**: ${errorMessage}\n\n💡 Make sure you're authenticated and have an APP selected.`,
+                }],
+        };
+    }
+}

package/dist/tools/protected/userInfo.d.ts

@@ -0,0 +1,11 @@
+export declare const userInfoTool: {
+    readonly name: "user_info";
+    readonly description: "👤 Get detailed information about the authenticated user";
+    readonly inputSchema: {
+        readonly type: "object";
+        readonly properties: {};
+        readonly additionalProperties: false;
+    };
+};
+export declare function handleUserInfo(authManager: any): Promise<any>;
+//# sourceMappingURL=userInfo.d.ts.map

package/dist/tools/protected/userInfo.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"userInfo.d.ts","sourceRoot":"","sources":["../../../src/tools/protected/userInfo.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,YAAY;;;;;;;;CAQf,CAAC;AAEX,wBAAsB,cAAc,CAAC,WAAW,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAYnE"}

package/dist/tools/protected/userInfo.js

@@ -0,0 +1,21 @@
+export const userInfoTool = {
+    name: "user_info",
+    description: "👤 Get detailed information about the authenticated user",
+    inputSchema: {
+        type: "object",
+        properties: {},
+        additionalProperties: false,
+    },
+};
+export async function handleUserInfo(authManager) {
+    const userInfo = authManager.getUserInfo();
+    const accessToken = authManager.getAccessToken();
+    return {
+        content: [
+            {
+                type: "text",
+                text: `👤 **User Information**\n\n**Name:** ${userInfo.name || 'Not provided'}\n**Email:** ${userInfo.email}\n**User ID:** ${userInfo.sub}\n**Picture:** ${userInfo.picture || 'Not provided'}\n**Email Verified:** ${userInfo.email_verified ? '✅ Yes' : '❌ No'}\n**Locale:** ${userInfo.locale || 'Not provided'}\n**Last Updated:** ${userInfo.updated_at || 'Not provided'}\n\n🔑 **Access Token:** ${accessToken ? `${accessToken.substring(0, 20)}...` : 'Not available'}`,
+            },
+        ],
+    };
+}

package/dist/tools/protected/visionAiAppLearning.d.ts

@@ -0,0 +1,37 @@
+export declare const visionAiAppLearningTool: {
+    readonly name: "vision_ai_app_learning";
+    readonly description: "📄 Run Vision AI App Learning using Docker (GENERATE_SPEC). Requires authentication and an app selected. Triggers the vision app learning image in LOCAL mode.";
+    readonly inputSchema: {
+        readonly type: "object";
+        readonly properties: {
+            readonly app_url: {
+                readonly type: "string";
+                readonly description: "URL of the app to explore for OAS generation (e.g. https://myapp.example.com, http://localhost:3000, or http://0.0.0.0:3000). For Docker, localhost and 0.0.0.0 are rewritten to host.docker.internal so the container can reach your host.";
+            };
+            readonly spec_url: {
+                readonly type: "string";
+                readonly description: "Optional existing spec URL to extend or validate";
+            };
+            readonly chat_id: {
+                readonly type: "string";
+                readonly description: "Optional chat ID for linking to a conversation";
+            };
+            readonly model_config: {
+                readonly type: "string";
+                readonly description: "Optional model config (default: Advance)";
+            };
+            readonly account_email: {
+                readonly type: "string";
+                readonly description: "Optional email for the app under test (pre-existing account login)";
+            };
+            readonly account_password: {
+                readonly type: "string";
+                readonly description: "Optional password for the app under test (pre-existing account login)";
+            };
+        };
+        readonly required: readonly ["app_url"];
+        readonly additionalProperties: true;
+    };
+};
+export declare function handleVisionAiAppLearning(authManager: any, args: any): Promise<any>;
+//# sourceMappingURL=visionAiAppLearning.d.ts.map

package/dist/tools/protected/visionAiAppLearning.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"visionAiAppLearning.d.ts","sourceRoot":"","sources":["../../../src/tools/protected/visionAiAppLearning.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAmC1B,CAAC;AAEX,wBAAsB,yBAAyB,CAAC,WAAW,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAgGzF"}

package/dist/tools/protected/visionAiAppLearning.js

@@ -0,0 +1,122 @@
+import { runDockerVisionAiAppLearning } from "../../utils/dockerRunner.js";
+export const visionAiAppLearningTool = {
+    name: "vision_ai_app_learning",
+    description: "📄 Run Vision AI App Learning using Docker (GENERATE_SPEC). Requires authentication and an app selected. Triggers the vision app learning image in LOCAL mode.",
+    inputSchema: {
+        type: "object",
+        properties: {
+            app_url: {
+                type: "string",
+                description: "URL of the app to explore for OAS generation (e.g. https://myapp.example.com, http://localhost:3000, or http://0.0.0.0:3000). For Docker, localhost and 0.0.0.0 are rewritten to host.docker.internal so the container can reach your host.",
+            },
+            spec_url: {
+                type: "string",
+                description: "Optional existing spec URL to extend or validate",
+            },
+            chat_id: {
+                type: "string",
+                description: "Optional chat ID for linking to a conversation",
+            },
+            model_config: {
+                type: "string",
+                description: "Optional model config (default: Advance)",
+            },
+            account_email: {
+                type: "string",
+                description: "Optional email for the app under test (pre-existing account login)",
+            },
+            account_password: {
+                type: "string",
+                description: "Optional password for the app under test (pre-existing account login)",
+            },
+        },
+        required: ["app_url"],
+        additionalProperties: true,
+    },
+};
+export async function handleVisionAiAppLearning(authManager, args) {
+    try {
+        const appUrl = args.app_url;
+        const specUrl = args.spec_url;
+        const chatId = args.chat_id;
+        const modelConfig = args.model_config;
+        const accountEmail = args.account_email;
+        const accountPassword = args.account_password;
+        const accessToken = authManager.getAccessToken();
+        const orgId = authManager.getSelectedOrgId();
+        const selectedApiId = authManager.getSelectedApiId();
+        const userInfo = authManager.getUserInfo();
+        const userId = userInfo?.sub ?? undefined;
+        if (!accessToken) {
+            throw new Error("No access token available");
+        }
+        if (!orgId) {
+            throw new Error("No organization selected. Please select an organization first using manage_organizations tool.");
+        }
+        if (!selectedApiId) {
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: `❌ **No App Selected**\n\n🎯 **Required**: You must select an app first to run Vision AI App Learning.\n\n📋 **Steps**:\n1. Run \`list_apps\` to see available apps\n2. Run \`select_app\` with an app ID\n3. Then run this tool again with \`app_url\` (the URL of your app to explore)`,
+                    },
+                ],
+            };
+        }
+        if (!appUrl) {
+            throw new Error("app_url is required");
+        }
+        try {
+            new URL(appUrl);
+        }
+        catch {
+            throw new Error("Invalid URL format for app_url");
+        }
+        const result = await runDockerVisionAiAppLearning({
+            appId: selectedApiId,
+            orgId,
+            accessToken,
+            appUrl,
+            userId,
+            specUrl,
+            chatId,
+            modelConfig,
+            accountEmail,
+            accountPassword,
+        });
+        const isLocalhost = /localhost|127\.0\.0\.1/i.test(appUrl || "");
+        const localhostTip = isLocalhost &&
+            "\n\n💡 **Using localhost?** If the agent reports \"page not loaded\" or \"connection refused\", your app must listen on **0.0.0.0** (not 127.0.0.1). Examples: `npm run dev -- --host`, `HOST=0.0.0.0 npm run dev`, or in your server use `listen(3000, '0.0.0.0')`.";
+        const apiPortTip = isLocalhost &&
+            "\n\n💡 **Login/API works in your browser but not in the container?** If your frontend (e.g. port 7846) calls an API on another port (e.g. 7845) using `localhost`, the browser inside the container will send those requests to the container's localhost, not your machine—so you see no 200/404 logs and login fails. **Fix**: (1) Use the same origin for API (e.g. proxy API through the frontend dev server so all requests go to the same port), or (2) Set your app's API base URL to use the same host as the page (e.g. `http://host.docker.internal:7845` when testing from Docker, or use `window.location.hostname` so it works for both).";
+        if (result.success) {
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: `📄 **Vision AI App Learning completed successfully**\n\n🎯 **App**: ${selectedApiId}\n🔗 **App URL**: ${appUrl}\n🏢 **Organization**: ${orgId}\n\n📋 **Output**:\n\`\`\`\n${result.output || "Learning completed — check your PerfAI dashboard or app catalog for the generated spec."}\n\`\`\`\n\n✅ **Status**: GENERATE_SPEC task finished. Results should be available in your PerfAI dashboard / app catalog.${localhostTip || ""}${apiPortTip || ""}`,
+                    },
+                ],
+            };
+        }
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: `❌ **Vision AI App Learning failed**\n\n🔴 **Exit code**: ${result.exitCode}\n🎯 **App**: ${selectedApiId}\n🔗 **App URL**: ${appUrl}\n\n📋 **Error output**:\n\`\`\`\n${result.errors || "Unknown error"}\n\`\`\`\n\n💡 **Common issues**:\n1. **Docker not running**: Ensure Docker Desktop is running\n2. **Image missing**: Build/pull the image (e.g. set VISION_AI_APP_LEARNING_IMAGE)\n3. **App not reachable / page not loaded**: For \`localhost\`, the container reaches your app via \`host.docker.internal\`. Your app must listen on **0.0.0.0** (e.g. \`npm run dev -- --host\` or \`HOST=0.0.0.0 npm run dev\`). Binding to 127.0.0.1 only will cause connection refused.\n4. **Login works in your browser but not in container / no logs on your server**: Your frontend may call an API on a different port (e.g. 7845) using \`localhost\`. Inside the container, \`localhost\` is the container—so API requests never reach your machine. Use same-origin (proxy API through frontend) or set API base URL to \`host.docker.internal:API_PORT\` when testing from Docker.\n\n🔄 **Try**: Fix the issues above and run the tool again.`,
+                },
+            ],
+        };
+    }
+    catch (error) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: `❌ **Error running Vision AI App Learning**\n\n🔴 **Error**: ${errorMessage}\n\n💡 **Tip**: Ensure you're authenticated, have an organization and app selected, and provided a valid app_url.\n\n🔄 **Try**: Check your inputs and try again.`,
+                },
+            ],
+        };
+    }
+}

package/dist/tools/public/authStatus.d.ts

@@ -0,0 +1,11 @@
+export declare const authStatusTool: {
+    readonly name: "auth_status";
+    readonly description: "📊 Check current authentication status and user information";
+    readonly inputSchema: {
+        readonly type: "object";
+        readonly properties: {};
+        readonly additionalProperties: false;
+    };
+};
+export declare function handleAuthStatus(authManager: any): Promise<any>;
+//# sourceMappingURL=authStatus.d.ts.map

package/dist/tools/public/authStatus.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authStatus.d.ts","sourceRoot":"","sources":["../../../src/tools/public/authStatus.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,cAAc;;;;;;;;CAQjB,CAAC;AAEX,wBAAsB,gBAAgB,CAAC,WAAW,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAyErE"}