npm - @schoolai/shipyard-mcp - Versions diffs - 0.2.2-next.483 → 0.2.2-next.487 - Mend

@schoolai/shipyard-mcp 0.2.2-next.483 → 0.2.2-next.487

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/apps/hook/dist/index.js CHANGED Viewed

@@ -28494,7 +28494,7 @@ init_cjs_shims();
 // ../../packages/schema/dist/index.mjs
 init_cjs_shims();
-// ../../packages/schema/dist/yjs-helpers-BBG4tC2R.mjs
+// ../../packages/schema/dist/yjs-helpers-A0hIPiRs.mjs
 init_cjs_shims();
 // ../../packages/schema/dist/plan.mjs
@@ -42552,7 +42552,8 @@ var PlanEventSchema = external_exports.discriminatedUnion("type", [
   PlanEventBaseSchema.extend({
     type: external_exports.literal("agent_activity"),
     data: AgentActivityDataSchema
-  })
+  }),
+  PlanEventBaseSchema.extend({ type: external_exports.literal("session_token_regenerated") })
 ]);
 var PlanMetadataBaseSchema = external_exports.object({
   id: external_exports.string(),
@@ -42665,7 +42666,7 @@ var PRReviewCommentSchema = external_exports.object({
   resolved: external_exports.boolean().optional()
 });
-// ../../packages/schema/dist/yjs-helpers-BBG4tC2R.mjs
+// ../../packages/schema/dist/yjs-helpers-A0hIPiRs.mjs
 function assertNever2(value) {
   throw new Error(`Unhandled discriminated union member: ${JSON.stringify(value)}`);
 }
@@ -43792,6 +43793,29 @@ var GitHubPRResponseSchema = external_exports.object({
   merged: external_exports.boolean(),
   head: external_exports.object({ ref: external_exports.string() })
 });
+var ROUTES = {
+  REGISTRY_LIST: "/registry",
+  REGISTRY_REGISTER: "/register",
+  REGISTRY_UNREGISTER: "/unregister",
+  PLAN_STATUS: (planId) => `/api/plan/${planId}/status`,
+  PLAN_HAS_CONNECTIONS: (planId) => `/api/plan/${planId}/has-connections`,
+  PLAN_TRANSCRIPT: (planId) => `/api/plan/${planId}/transcript`,
+  PLAN_SUBSCRIBE: (planId) => `/api/plan/${planId}/subscribe`,
+  PLAN_CHANGES: (planId) => `/api/plan/${planId}/changes`,
+  PLAN_UNSUBSCRIBE: (planId) => `/api/plan/${planId}/unsubscribe`,
+  PLAN_PR_DIFF: (planId, prNumber) => `/api/plans/${planId}/pr-diff/${prNumber}`,
+  PLAN_PR_FILES: (planId, prNumber) => `/api/plans/${planId}/pr-files/${prNumber}`,
+  HOOK_SESSION: "/api/hook/session",
+  HOOK_CONTENT: (planId) => `/api/hook/plan/${planId}/content`,
+  HOOK_REVIEW: (planId) => `/api/hook/plan/${planId}/review`,
+  HOOK_SESSION_TOKEN: (planId) => `/api/hook/plan/${planId}/session-token`,
+  HOOK_PRESENCE: (planId) => `/api/hook/plan/${planId}/presence`,
+  CONVERSATION_IMPORT: "/api/conversation/import",
+  WEB_TASK: (planId) => `/task/${planId}`
+};
+function createPlanWebUrl(baseUrl, planId) {
+  return `${baseUrl.replace(/\/$/, "")}${ROUTES.WEB_TASK(planId)}`;
+}
 var InviteTokenSchema = external_exports.object({
   id: external_exports.string(),
   tokenHash: external_exports.string(),
@@ -45749,7 +45773,7 @@ async function handleUpdatedPlanReview(sessionId, planId, planContent, _originMe
   }
   const baseUrl = webConfig.SHIPYARD_WEB_URL;
   logger.info(
-    { planId, url: `${baseUrl}/plan/${planId}` },
+    { planId, url: createPlanWebUrl(baseUrl, planId) },
     "Content synced, browser already open. Waiting for server approval..."
   );
   const decision = await waitForReviewDecision(planId, "");
@@ -45906,7 +45930,7 @@ Reviewer comment: ${decision.reviewComment}` : "";
         allow: false,
         message: `Plan is pending review.
-Open: ${baseUrl}/plan/${planId}`,
+Open: ${createPlanWebUrl(baseUrl, planId)}`,
         planId
       };
     case "draft":
@@ -45914,7 +45938,7 @@ Open: ${baseUrl}/plan/${planId}`,
         allow: false,
         message: `Plan is still in draft.
-Submit for review at: ${baseUrl}/plan/${planId}`,
+Submit for review at: ${createPlanWebUrl(baseUrl, planId)}`,
         planId
       };
     case "in_progress":

package/apps/server/dist/{chunk-BWP37ADP.js → chunk-B4TQH7Q3.js} RENAMED Viewed

@@ -3,7 +3,7 @@ import {
   YDOC_KEYS,
   createInputRequest,
   logPlanEvent
-} from "./chunk-76JWRTPI.js";
+} from "./chunk-UFE5KX7E.js";
 import {
   logger
 } from "./chunk-GSGLHRWX.js";

package/apps/server/dist/{chunk-E5DWX2WU.js → chunk-OLFHVNPI.js} RENAMED Viewed

@@ -152,6 +152,34 @@ function getUsernameFromGitConfig() {
     return null;
   }
 }
+async function getVerifiedGitHubUsername() {
+  if (githubConfig.GITHUB_USERNAME) {
+    logger.info({ username: githubConfig.GITHUB_USERNAME }, "Using GITHUB_USERNAME from env");
+    return githubConfig.GITHUB_USERNAME;
+  }
+  if (githubConfig.GITHUB_TOKEN) {
+    try {
+      const username = await getUsernameFromToken(githubConfig.GITHUB_TOKEN);
+      if (username) {
+        logger.info({ username }, "Got verified username from GITHUB_TOKEN");
+        return username;
+      }
+    } catch (error) {
+      logger.warn({ error }, "Failed to get username from GITHUB_TOKEN");
+    }
+  }
+  try {
+    const username = getUsernameFromCLI();
+    if (username) {
+      logger.info({ username }, "Got verified username from gh CLI");
+      return username;
+    }
+  } catch (error) {
+    logger.debug({ error }, "Failed to get username from gh CLI");
+  }
+  logger.warn("No verified GitHub authentication available");
+  return null;
+}
 function getGitBranch() {
   try {
     return execSync2("git branch --show-current", {
@@ -176,5 +204,6 @@ export {
   githubConfig,
   getRepositoryFullName,
   getGitHubUsername,
+  getVerifiedGitHubUsername,
   getEnvironmentContext
 };

package/apps/server/dist/{chunk-76JWRTPI.js → chunk-UFE5KX7E.js} RENAMED Viewed

@@ -552,7 +552,8 @@ var PlanEventTypes = [
   "input_request_created",
   "input_request_answered",
   "input_request_declined",
-  "agent_activity"
+  "agent_activity",
+  "session_token_regenerated"
 ];
 var AgentActivityTypes = [
   "help_request",
@@ -701,7 +702,8 @@ var PlanEventSchema = z.discriminatedUnion("type", [
   PlanEventBaseSchema.extend({
     type: z.literal("agent_activity"),
     data: AgentActivityDataSchema
-  })
+  }),
+  PlanEventBaseSchema.extend({ type: z.literal("session_token_regenerated") })
 ]);
 function isInboxWorthy(event, username, ownerId) {
   if (!event.inboxWorthy) return false;
@@ -863,7 +865,7 @@ function createHandedOffConversationVersion(params) {
   return ConversationVersionSchema.parse(version);
 }
-// ../../packages/schema/dist/yjs-helpers-BBG4tC2R.mjs
+// ../../packages/schema/dist/yjs-helpers-A0hIPiRs.mjs
 import { z as z2 } from "zod";
 import { nanoid as nanoid2 } from "nanoid";
 import * as Y from "yjs";
@@ -1753,6 +1755,27 @@ function declineInputRequest(ydoc, requestId) {
   });
   return { success: true };
 }
+function atomicRegenerateTokenIfOwner(ydoc, expectedOwnerId, newTokenHash, actor) {
+  let result = {
+    success: false,
+    actualOwner: void 0
+  };
+  ydoc.transact(() => {
+    const map = ydoc.getMap(YDOC_KEYS.METADATA);
+    const currentOwner = map.get("ownerId");
+    if (currentOwner !== expectedOwnerId) {
+      result = {
+        success: false,
+        actualOwner: currentOwner
+      };
+      return;
+    }
+    map.set("sessionTokenHash", newTokenHash);
+    map.set("updatedAt", Date.now());
+    result = { success: true };
+  }, actor ? { actor } : void 0);
+  return result;
+}
 // ../../packages/schema/dist/url-encoding.mjs
 var import_lz_string = __toESM(require_lz_string(), 1);
@@ -2251,6 +2274,29 @@ function asWebRTCPeerId(id) {
 function asGitHubUsername(username) {
   return username;
 }
+var ROUTES = {
+  REGISTRY_LIST: "/registry",
+  REGISTRY_REGISTER: "/register",
+  REGISTRY_UNREGISTER: "/unregister",
+  PLAN_STATUS: (planId) => `/api/plan/${planId}/status`,
+  PLAN_HAS_CONNECTIONS: (planId) => `/api/plan/${planId}/has-connections`,
+  PLAN_TRANSCRIPT: (planId) => `/api/plan/${planId}/transcript`,
+  PLAN_SUBSCRIBE: (planId) => `/api/plan/${planId}/subscribe`,
+  PLAN_CHANGES: (planId) => `/api/plan/${planId}/changes`,
+  PLAN_UNSUBSCRIBE: (planId) => `/api/plan/${planId}/unsubscribe`,
+  PLAN_PR_DIFF: (planId, prNumber) => `/api/plans/${planId}/pr-diff/${prNumber}`,
+  PLAN_PR_FILES: (planId, prNumber) => `/api/plans/${planId}/pr-files/${prNumber}`,
+  HOOK_SESSION: "/api/hook/session",
+  HOOK_CONTENT: (planId) => `/api/hook/plan/${planId}/content`,
+  HOOK_REVIEW: (planId) => `/api/hook/plan/${planId}/review`,
+  HOOK_SESSION_TOKEN: (planId) => `/api/hook/plan/${planId}/session-token`,
+  HOOK_PRESENCE: (planId) => `/api/hook/plan/${planId}/presence`,
+  CONVERSATION_IMPORT: "/api/conversation/import",
+  WEB_TASK: (planId) => `/task/${planId}`
+};
+function createPlanWebUrl(baseUrl, planId) {
+  return `${baseUrl.replace(/\/$/, "")}${ROUTES.WEB_TASK(planId)}`;
+}
 var InviteTokenSchema = z3.object({
   id: z3.string(),
   tokenHash: z3.string(),
@@ -2284,7 +2330,7 @@ function parseInviteFromUrl(url) {
 }
 function buildInviteUrl(baseUrl, planId, tokenId, tokenValue) {
   const normalizedBase = baseUrl.endsWith("/") ? baseUrl.slice(0, -1) : baseUrl;
-  const url = new URL(`${normalizedBase}/task/${planId}`);
+  const url = new URL(`${normalizedBase}${ROUTES.WEB_TASK(planId)}`);
   url.searchParams.set("invite", `${tokenId}:${tokenValue}`);
   return url.toString();
 }
@@ -2565,25 +2611,6 @@ function getAllEventViewedByForPlan(ydoc, planId) {
   }
   return result;
 }
-var ROUTES = {
-  REGISTRY_LIST: "/registry",
-  REGISTRY_REGISTER: "/register",
-  REGISTRY_UNREGISTER: "/unregister",
-  PLAN_STATUS: (planId) => `/api/plan/${planId}/status`,
-  PLAN_HAS_CONNECTIONS: (planId) => `/api/plan/${planId}/has-connections`,
-  PLAN_TRANSCRIPT: (planId) => `/api/plan/${planId}/transcript`,
-  PLAN_SUBSCRIBE: (planId) => `/api/plan/${planId}/subscribe`,
-  PLAN_CHANGES: (planId) => `/api/plan/${planId}/changes`,
-  PLAN_UNSUBSCRIBE: (planId) => `/api/plan/${planId}/unsubscribe`,
-  PLAN_PR_DIFF: (planId, prNumber) => `/api/plans/${planId}/pr-diff/${prNumber}`,
-  PLAN_PR_FILES: (planId, prNumber) => `/api/plans/${planId}/pr-files/${prNumber}`,
-  HOOK_SESSION: "/api/hook/session",
-  HOOK_CONTENT: (planId) => `/api/hook/plan/${planId}/content`,
-  HOOK_REVIEW: (planId) => `/api/hook/plan/${planId}/review`,
-  HOOK_SESSION_TOKEN: (planId) => `/api/hook/plan/${planId}/session-token`,
-  HOOK_PRESENCE: (planId) => `/api/hook/plan/${planId}/presence`,
-  CONVERSATION_IMPORT: "/api/conversation/import"
-};
 function formatThreadsForLLM(threads, options = {}) {
   const { includeResolved = false, selectedTextMaxLength = 100, resolveUser } = options;
   const unresolvedThreads = threads.filter((t$1) => !t$1.resolved);
@@ -2896,6 +2923,7 @@ export {
   answerInputRequest,
   cancelInputRequest,
   declineInputRequest,
+  atomicRegenerateTokenIfOwner,
   isUrlEncodedPlanV1,
   isUrlEncodedPlanV2,
   encodePlan,
@@ -2923,6 +2951,8 @@ export {
   asAwarenessClientId,
   asWebRTCPeerId,
   asGitHubUsername,
+  ROUTES,
+  createPlanWebUrl,
   InviteTokenSchema,
   InviteRedemptionSchema,
   parseInviteFromUrl,
@@ -2963,7 +2993,6 @@ export {
   clearEventViewedBy,
   isEventUnread,
   getAllEventViewedByForPlan,
-  ROUTES,
   formatThreadsForLLM,
   PlanIdSchema,
   PlanStatusResponseSchema,

package/apps/server/dist/{dist-ORKL4P3L.js → dist-E4CPV3SO.js} RENAMED Viewed

@@ -92,6 +92,7 @@ import {
   asWebRTCPeerId,
   assertNever,
   assertNeverP2PMessage,
+  atomicRegenerateTokenIfOwner,
   buildInviteUrl,
   cancelInputRequest,
   claudeCodeToA2A,
@@ -108,6 +109,7 @@ import {
   createPlanSnapshot,
   createPlanUrl,
   createPlanUrlWithHistory,
+  createPlanWebUrl,
   createUserResolver,
   declineInputRequest,
   decodeChunkMessage,
@@ -204,7 +206,7 @@ import {
   updateLinkedPRStatus,
   updatePlanIndexViewedBy,
   validateA2AMessages
-} from "./chunk-76JWRTPI.js";
+} from "./chunk-UFE5KX7E.js";
 import "./chunk-JSBRDJBE.js";
 export {
   A2ADataPartSchema,
@@ -300,6 +302,7 @@ export {
   asWebRTCPeerId,
   assertNever,
   assertNeverP2PMessage,
+  atomicRegenerateTokenIfOwner,
   buildInviteUrl,
   cancelInputRequest,
   claudeCodeToA2A,
@@ -316,6 +319,7 @@ export {
   createPlanSnapshot,
   createPlanUrl,
   createPlanUrlWithHistory,
+  createPlanWebUrl,
   createUserResolver,
   declineInputRequest,
   decodeChunkMessage,

package/apps/server/dist/index.js CHANGED Viewed

@@ -3,8 +3,9 @@ import {
   getEnvironmentContext,
   getGitHubUsername,
   getRepositoryFullName,
+  getVerifiedGitHubUsername,
   githubConfig
-} from "./chunk-E5DWX2WU.js";
+} from "./chunk-OLFHVNPI.js";
 import {
   assertNever,
   getSessionIdByPlanId,
@@ -19,7 +20,7 @@ import {
 } from "./chunk-EBNL5ZX7.js";
 import {
   InputRequestManager
-} from "./chunk-BWP37ADP.js";
+} from "./chunk-B4TQH7Q3.js";
 import {
   ArtifactSchema,
   DeliverableSchema,
@@ -40,10 +41,12 @@ import {
   addPRReviewComment,
   addSnapshot,
   appRouter,
+  atomicRegenerateTokenIfOwner,
   createInitialConversationVersion,
   createLinkedPR,
   createPlanSnapshot,
   createPlanUrlWithHistory,
+  createPlanWebUrl,
   createUserResolver,
   extractDeliverables,
   extractMentions,
@@ -69,7 +72,7 @@ import {
   setPlanMetadata,
   touchPlanIndexEntry,
   transitionPlanStatus
-} from "./chunk-76JWRTPI.js";
+} from "./chunk-UFE5KX7E.js";
 import {
   loadEnv,
   logger
@@ -590,8 +593,7 @@ function extractTitleFromBlocks(blocks) {
 async function createSessionHandler(input, ctx) {
   const existingSession = getSessionState(input.sessionId);
   if (existingSession) {
-    const webUrl2 = webConfig.SHIPYARD_WEB_URL;
-    const url2 = `${webUrl2}/plan/${existingSession.planId}`;
+    const url2 = createPlanWebUrl(webConfig.SHIPYARD_WEB_URL, existingSession.planId);
     ctx.logger.info(
       { planId: existingSession.planId, sessionId: input.sessionId },
       "Returning existing session (idempotent)"
@@ -656,8 +658,7 @@ async function createSessionHandler(input, ctx) {
     ownerId,
     deleted: false
   });
-  const webUrl = webConfig.SHIPYARD_WEB_URL;
-  const url = `${webUrl}/plan/${planId}`;
+  const url = createPlanWebUrl(webConfig.SHIPYARD_WEB_URL, planId);
   ctx.logger.info({ url }, "Plan URL generated");
   setSessionState(input.sessionId, {
     lifecycle: "created",
@@ -836,8 +837,7 @@ async function setSessionTokenHandler(planId, sessionTokenHash, ctx) {
   setPlanMetadata(ydoc, {
     sessionTokenHash
   });
-  const webUrl = webConfig.SHIPYARD_WEB_URL;
-  const url = `${webUrl}/plan/${planId}`;
+  const url = createPlanWebUrl(webConfig.SHIPYARD_WEB_URL, planId);
   const session = getSessionStateByPlanId(planId);
   const sessionId = getSessionIdByPlanId(planId);
   if (session && sessionId) {
@@ -1017,7 +1017,7 @@ async function waitForApprovalHandler(planId, _reviewRequestIdParam, ctx) {
       setSessionState(sessionId, {
         lifecycle: "approved_awaiting_token",
         ...baseState,
-        url: `${webUrl}/plan/${baseState.planId}`,
+        url: createPlanWebUrl(webUrl, baseState.planId),
         approvedAt: extraData.approvedAt,
         deliverables: extraData.deliverables,
         reviewComment,
@@ -1036,7 +1036,7 @@ async function waitForApprovalHandler(planId, _reviewRequestIdParam, ctx) {
       ...baseState,
       contentHash: syncedFields?.contentHash ?? "",
       sessionToken: syncedFields?.sessionToken ?? "",
-      url: syncedFields?.url ?? `${webUrl}/plan/${baseState.planId}`,
+      url: syncedFields?.url ?? createPlanWebUrl(webUrl, baseState.planId),
       deliverables,
       reviewComment: reviewComment || "",
       reviewedBy,
@@ -1229,8 +1229,7 @@ async function getDeliverableContextHandler(planId, sessionToken, ctx) {
     });
   }
   const deliverables = getDeliverables(ydoc);
-  const webUrl = webConfig.SHIPYARD_WEB_URL;
-  const url = `${webUrl}/plan/${planId}`;
+  const url = createPlanWebUrl(webConfig.SHIPYARD_WEB_URL, planId);
   let deliverablesSection = "";
   if (deliverables.length > 0) {
     deliverablesSection = `
@@ -2472,7 +2471,7 @@ import * as os from "os";
 import * as path from "path";
 import * as vm from "vm";
 import ffmpegInstaller from "@ffmpeg-installer/ffmpeg";
-import { z as z12 } from "zod";
+import { z as z13 } from "zod";
 // src/tools/add-artifact.ts
 import { execSync } from "child_process";
@@ -2538,6 +2537,7 @@ var TOOL_NAMES = {
   EXECUTE_CODE: "execute_code",
   LINK_PR: "link_pr",
   READ_PLAN: "read_plan",
+  REGENERATE_SESSION_TOKEN: "regenerate_session_token",
   REQUEST_USER_INPUT: "request_user_input",
   SETUP_REVIEW_NOTIFICATION: "setup_review_notification",
   UPDATE_BLOCK_CONTENT: "update_block_content",
@@ -3627,7 +3627,7 @@ Bad deliverables (not provable):
       deleted: false
     });
     logger.info({ planId }, "Plan index updated");
-    const url = `${webConfig.SHIPYARD_WEB_URL}/plan/${planId}`;
+    const url = createPlanWebUrl(webConfig.SHIPYARD_WEB_URL, planId);
     await openPlanInBrowser(planId, url);
     const repoInfo = repo ? `Repo: ${repo}${!input.repo ? " (auto-detected)" : ""}` : "Repo: Not set (provide repo and prNumber for artifact uploads)";
     return {
@@ -4136,11 +4136,146 @@ OUTPUT INCLUDES:
   }
 };
-// src/tools/setup-review-notification.ts
+// src/tools/regenerate-session-token.ts
 import { z as z9 } from "zod";
-var SetupReviewNotificationInput = z9.object({
-  planId: z9.string().describe("Plan ID to monitor"),
-  pollIntervalSeconds: z9.number().optional().default(30).describe("Polling interval in seconds (default: 30)")
+var RegenerateSessionTokenInput = z9.object({
+  planId: z9.string().describe("The plan ID to regenerate token for")
+});
+var regenerateSessionTokenTool = {
+  definition: {
+    name: TOOL_NAMES.REGENERATE_SESSION_TOKEN,
+    description: `Regenerate the session token for a plan.
+USE WHEN:
+- Your Claude Code session ended and you lost the original token
+- You need to resume work on a plan you own
+- The old token may have been compromised
+REQUIREMENTS:
+- You must be the plan owner (verified via GitHub identity)
+- The plan must exist and have an ownerId set
+RETURNS:
+- New session token that can be used for add_artifact, read_plan, etc.
+SECURITY:
+- Only the plan owner can regenerate tokens
+- Old token is immediately invalidated
+- New token is returned only once - store it securely`,
+    inputSchema: {
+      type: "object",
+      properties: {
+        planId: { type: "string", description: "The plan ID to regenerate token for" }
+      },
+      required: ["planId"]
+    }
+  },
+  handler: async (args) => {
+    const { planId } = RegenerateSessionTokenInput.parse(args);
+    logger.info({ planId }, "Attempting to regenerate session token");
+    const currentUser = await getVerifiedGitHubUsername();
+    if (!currentUser) {
+      return {
+        content: [
+          {
+            type: "text",
+            text: `Token regeneration requires verified GitHub authentication.
+Please configure ONE of:
+1. GITHUB_USERNAME environment variable
+2. GITHUB_TOKEN environment variable (will verify via API)
+3. Run: gh auth login
+Note: git config user.name is NOT accepted for security-critical operations.`
+          }
+        ],
+        isError: true
+      };
+    }
+    const doc = await getOrCreateDoc3(planId);
+    const metadata = getPlanMetadata(doc);
+    if (!metadata) {
+      return {
+        content: [{ type: "text", text: `Plan "${planId}" not found.` }],
+        isError: true
+      };
+    }
+    if (!metadata.ownerId) {
+      return {
+        content: [
+          {
+            type: "text",
+            text: `Plan "${planId}" has no owner set. Cannot regenerate token for ownerless plans.`
+          }
+        ],
+        isError: true
+      };
+    }
+    const newToken = generateSessionToken();
+    const newTokenHash = hashSessionToken(newToken);
+    const updateResult = atomicRegenerateTokenIfOwner(
+      doc,
+      metadata.ownerId,
+      newTokenHash,
+      currentUser
+    );
+    if (!updateResult.success) {
+      const actualOwner = updateResult.actualOwner;
+      if (actualOwner !== currentUser) {
+        logger.warn(
+          { planId, expectedOwner: metadata.ownerId, actualOwner, currentUser },
+          "Token regeneration denied - ownership changed during operation"
+        );
+        return {
+          content: [
+            {
+              type: "text",
+              text: `Access denied. You do not have permission to regenerate the session token for plan "${planId}".`
+            }
+          ],
+          isError: true
+        };
+      }
+      logger.error(
+        { planId, expectedOwner: metadata.ownerId, actualOwner, currentUser },
+        "Unexpected failure in atomic token regeneration"
+      );
+      return {
+        content: [
+          {
+            type: "text",
+            text: "Token regeneration failed due to an unexpected error. Please try again."
+          }
+        ],
+        isError: true
+      };
+    }
+    logPlanEvent(doc, "session_token_regenerated", currentUser);
+    logger.info({ planId, ownerId: metadata.ownerId }, "Session token regenerated successfully");
+    return {
+      content: [
+        {
+          type: "text",
+          text: `Session token regenerated successfully!
+Plan: ${metadata.title}
+Plan ID: ${planId}
+New Session Token: ${newToken}
+IMPORTANT: Store this token securely. The old token has been invalidated.
+Use this token for add_artifact, read_plan, link_pr, and other plan operations.`
+        }
+      ]
+    };
+  }
+};
+// src/tools/setup-review-notification.ts
+import { z as z10 } from "zod";
+var SetupReviewNotificationInput = z10.object({
+  planId: z10.string().describe("Plan ID to monitor"),
+  pollIntervalSeconds: z10.number().optional().default(30).describe("Polling interval in seconds (default: 30)")
 });
 var setupReviewNotificationTool = {
   definition: {
@@ -4258,31 +4393,31 @@ The script:
 // src/tools/update-block-content.ts
 import { ServerBlockNoteEditor as ServerBlockNoteEditor6 } from "@blocknote/server-util";
-import { z as z10 } from "zod";
-var BlockOperationSchema = z10.discriminatedUnion("type", [
-  z10.object({
-    type: z10.literal("update"),
-    blockId: z10.string().describe("The block ID to update (from read_plan output)"),
-    content: z10.string().describe("New markdown content for this block")
+import { z as z11 } from "zod";
+var BlockOperationSchema = z11.discriminatedUnion("type", [
+  z11.object({
+    type: z11.literal("update"),
+    blockId: z11.string().describe("The block ID to update (from read_plan output)"),
+    content: z11.string().describe("New markdown content for this block")
   }),
-  z10.object({
-    type: z10.literal("insert"),
-    afterBlockId: z10.string().nullable().describe("Insert after this block ID (null = insert at beginning)"),
-    content: z10.string().describe("Markdown content to insert as new block(s)")
+  z11.object({
+    type: z11.literal("insert"),
+    afterBlockId: z11.string().nullable().describe("Insert after this block ID (null = insert at beginning)"),
+    content: z11.string().describe("Markdown content to insert as new block(s)")
   }),
-  z10.object({
-    type: z10.literal("delete"),
-    blockId: z10.string().describe("The block ID to delete")
+  z11.object({
+    type: z11.literal("delete"),
+    blockId: z11.string().describe("The block ID to delete")
   }),
-  z10.object({
-    type: z10.literal("replace_all"),
-    content: z10.string().describe("Complete markdown content to replace the entire plan")
+  z11.object({
+    type: z11.literal("replace_all"),
+    content: z11.string().describe("Complete markdown content to replace the entire plan")
   })
 ]);
-var UpdateBlockContentInput = z10.object({
-  planId: z10.string().describe("The plan ID to modify"),
-  sessionToken: z10.string().describe("Session token from create_plan"),
-  operations: z10.array(BlockOperationSchema).min(1).describe("Array of operations to perform atomically")
+var UpdateBlockContentInput = z11.object({
+  planId: z11.string().describe("The plan ID to modify"),
+  sessionToken: z11.string().describe("Session token from create_plan"),
+  operations: z11.array(BlockOperationSchema).min(1).describe("Array of operations to perform atomically")
 });
 var updateBlockContentTool = {
   definition: {
@@ -4544,7 +4679,7 @@ async function applyOperation(blocks, operation, editor) {
 // src/tools/update-plan.ts
 import { ServerBlockNoteEditor as ServerBlockNoteEditor7 } from "@blocknote/server-util";
 import { nanoid as nanoid7 } from "nanoid";
-import { z as z11 } from "zod";
+import { z as z12 } from "zod";
 function buildStatusTransition(targetStatus, actorName) {
   const now = Date.now();
   switch (targetStatus) {
@@ -4577,12 +4712,12 @@ function buildStatusTransition(targetStatus, actorName) {
       return null;
   }
 }
-var UpdatePlanInput = z11.object({
-  planId: z11.string().describe("The plan ID to update"),
-  sessionToken: z11.string().describe("Session token from create_plan"),
-  title: z11.string().optional().describe("New title"),
-  status: z11.enum(["draft", "pending_review", "changes_requested", "in_progress", "completed"]).optional().describe("New status"),
-  tags: z11.array(z11.string()).optional().describe("Updated tags (replaces existing tags)")
+var UpdatePlanInput = z12.object({
+  planId: z12.string().describe("The plan ID to update"),
+  sessionToken: z12.string().describe("Session token from create_plan"),
+  title: z12.string().optional().describe("New title"),
+  status: z12.enum(["draft", "pending_review", "changes_requested", "in_progress", "completed"]).optional().describe("New status"),
+  tags: z12.array(z12.string()).optional().describe("Updated tags (replaces existing tags)")
 });
 var updatePlanTool = {
   definition: {
@@ -5035,6 +5170,46 @@ await resolveActivityRequest({
 ---
+### regenerateSessionToken(planId): Promise<{ sessionToken, planId }>
+Regenerate the session token for a plan you own.
+USE WHEN:
+- Your Claude Code session ended and you lost the original token
+- You need to resume work on a plan from a previous session
+- The old token may have been compromised
+REQUIREMENTS:
+- You must be the plan owner (verified via GitHub identity)
+- The plan must exist and have an ownerId set
+Returns:
+- sessionToken: New token for API calls
+- planId: The plan ID
+SECURITY:
+- Only the plan owner can regenerate tokens
+- Old token is immediately invalidated
+- GitHub identity verification happens on MCP server (via gh auth login)
+Example:
+\`\`\`typescript
+// Lost your session token? Regenerate it:
+const { sessionToken, planId } = await regenerateSessionToken("abc123");
+// Now use the new token for operations
+await addArtifact({
+  planId,
+  sessionToken,
+  type: 'screenshot',
+  filename: 'screenshot.png',
+  source: 'file',
+  filePath: '/tmp/screenshot.png',
+  deliverableId: 'del_xxx'
+});
+\`\`\`
+---
 ## Common Pattern
 \`\`\`typescript
@@ -5072,8 +5247,8 @@ const result = await addArtifact({
 return { planId: plan.planId, snapshotUrl: result.snapshotUrl };
 \`\`\`
 `;
-var ExecuteCodeInput = z12.object({
-  code: z12.string().describe("TypeScript code to execute")
+var ExecuteCodeInput = z13.object({
+  code: z13.string().describe("TypeScript code to execute")
 });
 var scriptTracker = [];
 async function createPlan(opts) {
@@ -5208,7 +5383,7 @@ async function setupReviewNotification(planId, pollIntervalSeconds) {
   return { script, fullResponse: text };
 }
 async function requestUserInput(opts) {
-  const { InputRequestManager: InputRequestManager2 } = await import("./input-request-manager-73GSTOIB.js");
+  const { InputRequestManager: InputRequestManager2 } = await import("./input-request-manager-IMVZDMUQ.js");
   const ydoc = await getOrCreateDoc3(PLAN_INDEX_DOC_NAME);
   const manager = new InputRequestManager2();
   const params = opts.type === "choice" ? {
@@ -5252,8 +5427,8 @@ async function requestUserInput(opts) {
   };
 }
 async function postActivityUpdate(opts) {
-  const { logPlanEvent: logPlanEvent2 } = await import("./dist-ORKL4P3L.js");
-  const { getGitHubUsername: getGitHubUsername2 } = await import("./server-identity-6PHKR2FY.js");
+  const { logPlanEvent: logPlanEvent2 } = await import("./dist-E4CPV3SO.js");
+  const { getGitHubUsername: getGitHubUsername2 } = await import("./server-identity-LSZ4CZRK.js");
   const { nanoid: nanoid8 } = await import("nanoid");
   const doc = await getOrCreateDoc3(opts.planId);
   const actorName = await getGitHubUsername2();
@@ -5275,8 +5450,8 @@ async function postActivityUpdate(opts) {
   return { success: true, eventId, requestId };
 }
 async function resolveActivityRequest(opts) {
-  const { logPlanEvent: logPlanEvent2, getPlanEvents } = await import("./dist-ORKL4P3L.js");
-  const { getGitHubUsername: getGitHubUsername2 } = await import("./server-identity-6PHKR2FY.js");
+  const { logPlanEvent: logPlanEvent2, getPlanEvents } = await import("./dist-E4CPV3SO.js");
+  const { getGitHubUsername: getGitHubUsername2 } = await import("./server-identity-LSZ4CZRK.js");
   const doc = await getOrCreateDoc3(opts.planId);
   const actorName = await getGitHubUsername2();
   const events = getPlanEvents(doc);
@@ -5301,6 +5476,18 @@ async function resolveActivityRequest(opts) {
   });
   return { success: true };
 }
+async function regenerateSessionToken(planId) {
+  const result = await regenerateSessionTokenTool.handler({ planId });
+  const text = result.content[0]?.text || "";
+  if (result.isError) {
+    throw new Error(text);
+  }
+  const tokenMatch = text.match(/New Session Token: (\S+)/);
+  return {
+    sessionToken: tokenMatch?.[1] || "",
+    planId
+  };
+}
 var executeCodeTool = {
   definition: {
     name: TOOL_NAMES.EXECUTE_CODE,
@@ -5365,6 +5552,7 @@ var executeCodeTool = {
         requestUserInput,
         postActivityUpdate,
         resolveActivityRequest,
+        regenerateSessionToken,
         // Video encoding helper (uses bundled FFmpeg)
         encodeVideo,
         // Node.js modules for advanced workflows (file ops, process spawning)
@@ -5423,15 +5611,15 @@ The script will exit when the human approves or requests changes.`
 };
 // src/tools/request-user-input.ts
-import { z as z13 } from "zod";
-var RequestUserInputInput = z13.object({
-  message: z13.string().describe("The question to ask the user"),
-  type: z13.enum(["text", "choice", "confirm", "multiline"]).describe("Type of input to request"),
-  options: z13.array(z13.string()).optional().describe("For 'choice' type - available options (required for choice)"),
-  multiSelect: z13.boolean().optional().describe("For 'choice' type - allow selecting multiple options"),
-  defaultValue: z13.string().optional().describe("Pre-filled value for text/multiline inputs"),
-  timeout: z13.number().optional().describe("Timeout in seconds (default: 1800, min: 10, max: 14400)"),
-  planId: z13.string().optional().describe("Optional metadata to link request to plan (for activity log filtering)")
+import { z as z14 } from "zod";
+var RequestUserInputInput = z14.object({
+  message: z14.string().describe("The question to ask the user"),
+  type: z14.enum(["text", "choice", "confirm", "multiline"]).describe("Type of input to request"),
+  options: z14.array(z14.string()).optional().describe("For 'choice' type - available options (required for choice)"),
+  multiSelect: z14.boolean().optional().describe("For 'choice' type - allow selecting multiple options"),
+  defaultValue: z14.string().optional().describe("Pre-filled value for text/multiline inputs"),
+  timeout: z14.number().optional().describe("Timeout in seconds (default: 1800, min: 10, max: 14400)"),
+  planId: z14.string().optional().describe("Optional metadata to link request to plan (for activity log filtering)")
 });
 var requestUserInputTool = {
   definition: {

package/apps/server/dist/{input-request-manager-73GSTOIB.js → input-request-manager-IMVZDMUQ.js} RENAMED Viewed

@@ -1,7 +1,7 @@
 import {
   InputRequestManager
-} from "./chunk-BWP37ADP.js";
-import "./chunk-76JWRTPI.js";
+} from "./chunk-B4TQH7Q3.js";
+import "./chunk-UFE5KX7E.js";
 import "./chunk-GSGLHRWX.js";
 import "./chunk-JSBRDJBE.js";
 export {

package/apps/server/dist/{server-identity-6PHKR2FY.js → server-identity-LSZ4CZRK.js} RENAMED Viewed

@@ -1,12 +1,14 @@
 import {
   getEnvironmentContext,
   getGitHubUsername,
-  getRepositoryFullName
-} from "./chunk-E5DWX2WU.js";
+  getRepositoryFullName,
+  getVerifiedGitHubUsername
+} from "./chunk-OLFHVNPI.js";
 import "./chunk-GSGLHRWX.js";
 import "./chunk-JSBRDJBE.js";
 export {
   getEnvironmentContext,
   getGitHubUsername,
-  getRepositoryFullName
+  getRepositoryFullName,
+  getVerifiedGitHubUsername
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@schoolai/shipyard-mcp",
-  "version": "0.2.2-next.483",
+  "version": "0.2.2-next.487",
   "description": "Shipyard MCP server and CLI tools for distributed planning with CRDTs",
   "type": "module",
   "bin": {