@schoolai/shipyard 3.14.0 → 3.15.0-rc.20260616.1

package/dist/capability-detector-worker.js

@@ -3,7 +3,7 @@ import {
   detectCapabilities,
   refreshMcpServers,
   registerBuiltInProfiles
-} from "./chunk-OX3UY44R.js";
+} from "./chunk-URRNZGFO.js";
 import "./chunk-TUQTEWK3.js";
 import {
   getRepoMetadata
@@ -11,13 +11,13 @@ import {
 import "./chunk-4T2OQAVL.js";
 import {
   MCPTokenStore
-} from "./chunk-T3OTZ66B.js";
+} from "./chunk-B7WZUKYX.js";
 import "./chunk-RR6V6SNM.js";
 import "./chunk-4MRKRVIQ.js";
 import "./chunk-ZFKJAYAN.js";
-import "./chunk-RCEAMZVG.js";
-import "./chunk-IWBDVGD2.js";
-import "./chunk-M3WBYTB3.js";
+import "./chunk-WMD76UPS.js";
+import "./chunk-4FVMGXFP.js";
+import "./chunk-FJXRLZZI.js";
 import "./chunk-EHQITHQX.js";
 import "./chunk-X3MULCV5.js";
 import {

package/dist/{chunk-IWBDVGD2.js → chunk-4FVMGXFP.js}

@@ -2,7 +2,7 @@
 import {
   PUBLISHED_PREVIEW_KINDS,
   PUBLISH_TTL_CHOICES
-} from "./chunk-M3WBYTB3.js";
+} from "./chunk-FJXRLZZI.js";
 import {
   external_exports
 } from "./chunk-JCEWPG3R.js";
@@ -28835,4 +28835,4 @@ export {
   encodeDrain,
   decodeFrame
 };
-//# sourceMappingURL=chunk-IWBDVGD2.js.map
+//# sourceMappingURL=chunk-4FVMGXFP.js.map

package/dist/{chunk-T3OTZ66B.js → chunk-B7WZUKYX.js}

@@ -14,10 +14,10 @@ import {
 } from "./chunk-JCEWPG3R.js";
 
 // src/shared/capabilities/mcp-servers.ts
-import { readFile as readFile3, stat as stat2 } from "fs/promises";
+import { readFile as readFile4 } from "fs/promises";
 import { homedir as homedir2 } from "os";
-import { basename, join as join3, resolve } from "path";
-import { parse as parseToml } from "toml";
+import { join as join3, resolve } from "path";
+import { parse as parseToml2 } from "toml";
 
 // src/shared/mcp/claude-code-credentials.ts
 import { execFile as execFileCb } from "child_process";
@@ -523,6 +523,84 @@ var MCPTokenStore = class {
   }
 };
 
+// src/services/metrics/telemeter.ts
+var TELEMETERED_EVENT_NAMES = [
+  "anthropic_login_failed",
+  "claudeai_integrations_fetch_failed",
+  "codex_spawn_failed",
+  "run_stall_timeout",
+  "request_task_state_replay_failed",
+  "loro_recovery_failed",
+  "mcp_server_connect_failed",
+  "mcp_server_needs_auth",
+  "mcp_reconnect_failed",
+  "mcp_reconnect_terminal",
+  "mcp_reconnect_terminal_unsupported",
+  "mcp_reauth_failed",
+  "mcp_adopted_set_failed",
+  "mcp_push_failed",
+  "harness_mcp_registration_failed",
+  "codex_auth_divergence_detected",
+  "cursor_auth_divergence_detected",
+  /**
+   * A Codex remote-compact cycle failed with a 401 "Missing bearer" error —
+   * the app-server lost its in-memory token during refresh-token rotation.
+   * Emitted once per compact attempt (not per retry) so fleet dashboards can
+   * surface the storm rate without log amplification.
+   */
+  "codex_compact_auth_failure",
+  "event_loop_stall",
+  "machine_sleep_artifact",
+  /**
+   * Per-process memory from the Electron main process (`app.getAppMetrics()`).
+   * The only source of true per-process RSS for the renderer/GPU/utility — JS
+   * heap (browser_metrics_sample) is capped ~4GB and cannot reveal a 50GB
+   * process. Forwarded to D1 by the daemon so runaway RAM is localizable
+   * fleet-wide to the offending Electron process.
+   */
+  "electron_app_metrics",
+  /** Electron main cleared a wedged Squirrel.Mac staged install on launch. */
+  "squirrel_install_stuck_recovered",
+  /**
+   * An ALO control-channel entry exhausted its maxDeliver retry budget
+   * without receiving an ack. Payload: { streamId, attempts, channel: 'control' }.
+   * Emitted via the `onDeadLetter` callback in control-channel-wiring.ts.
+   * Complements the `alo_resend_exhausted` ERROR log event emitted by the
+   * shell itself; this telemetry path routes it to D1 for fleet-wide
+   * observability so silent resend exhaustion is detectable in aggregate.
+   */
+  "alo_resend_exhausted",
+  /**
+   * An ALO control-channel shell reaped itself as an orphan — no truncating
+   * ack landed for `orphanThresholdMs` (5 min) while its retry buffer was
+   * non-empty, so the WHOLE buffer of unacked control messages was discarded.
+   * This is the bulk-loss sibling of `alo_resend_exhausted` (one entry): a
+   * reap can drop dozens of messages at once. Payload:
+   * { streamId, discardedCount, msSinceLastAck, attempts, channel: 'control' }.
+   * Emitted via the `onOrphanReaped` callback in control-channel-wiring.ts;
+   * the shell also emits a matching ERROR log. Routed to D1 so silent
+   * reconnect-time loss is detectable fleet-wide.
+   */
+  "alo_shell_orphan_reaped",
+  /**
+   * A `task_index_snapshot` envelope serialized past the control-channel
+   * high-water even after byte-bounded pagination — i.e. a single slim entry
+   * alone exceeds the cap (a page is guaranteed >=1 entry for forward
+   * progress). The control channel may drop it whole (`channel_send_dropped`).
+   * Payload: { bytes, taskCount, limitBytes }. Surfaces the pathological
+   * oversized-record case the byte budget cannot otherwise bound.
+   */
+  "task_index_snapshot_oversized"
+];
+var TELEMETERED_EVENTS = new Set(TELEMETERED_EVENT_NAMES);
+var sink = null;
+function setTelemetrySink(fn) {
+  sink = fn;
+}
+function telemeter(event, payload) {
+  sink?.(event, payload);
+}
+
 // src/shared/auth/anthropic-credentials.ts
 import { execFile as execFileCb2 } from "child_process";
 import { promisify as promisify2 } from "util";
@@ -677,6 +755,17 @@ function classifyHttpStatus(status) {
   if (status >= 500 && status < 600) return "http_5xx";
   return "http_other";
 }
+function classifyClaudeAiIntegrationsFailure(input) {
+  const accountIssue = input.status === 403 && input.errorBody?.includes("user:mcp_servers") ? {
+    kind: "missing_user_mcp_servers_scope",
+    message: "Re-authenticate with Claude to enable claude.ai connectors."
+  } : null;
+  return {
+    errorClass: classifyHttpStatus(input.status),
+    shouldBackoffAuth: input.status === 401 || input.status === 403,
+    accountIssue
+  };
+}
 function classifyException(err) {
   if (err instanceof Error) {
     if (err.name === "AbortError") return "timeout";
@@ -693,16 +782,16 @@ async function readErrorBody(response) {
     return null;
   }
 }
-async function fetchClaudeAiIntegrations(log) {
+async function fetchClaudeAiIntegrationsWithStatus(log) {
   const url = CLAUDEAI_INTEGRATIONS_URL;
   if (Date.now() < authBackoffUntil) {
-    return [];
+    return { servers: [] };
   }
   try {
     const token = await readKeychainOAuthToken(log);
     if (!token) {
       log({ event: "claudeai_integrations_skipped", reason: "no_oauth_token" });
-      return [];
+      return { servers: [] };
     }
     const controller = new AbortController();
     const timeout = setTimeout(() => controller.abort(), 5e3);
@@ -717,14 +806,22 @@ async function fetchClaudeAiIntegrations(log) {
       });
       if (!response.ok) {
         const errorBody = await readErrorBody(response);
+        const decision = classifyClaudeAiIntegrationsFailure({
+          status: response.status,
+          errorBody
+        });
         log({
           event: "claudeai_integrations_fetch_failed",
           url,
           status: response.status,
-          errorClass: classifyHttpStatus(response.status),
+          errorClass: decision.errorClass,
           errorBody
         });
-        if (response.status === 401 || response.status === 403) {
+        telemeter("claudeai_integrations_fetch_failed", {
+          status: response.status,
+          errorClass: decision.errorClass
+        });
+        if (decision.shouldBackoffAuth) {
           authBackoffUntil = Date.now() + AUTH_BACKOFF_MS;
           log({
             event: "claudeai_integrations_auth_backoff",
@@ -732,39 +829,49 @@ async function fetchClaudeAiIntegrations(log) {
             backoffMs: AUTH_BACKOFF_MS
           });
         }
-        return [];
+        return decision.accountIssue ? { servers: [], accountIssue: decision.accountIssue } : { servers: [] };
       }
       authBackoffUntil = 0;
       const body = await response.json();
       const servers = parseClaudeAiServers(body, log);
-      return servers.map((s) => ({
-        name: s.name,
-        type: "http",
-        runtimeId: CLAUDE_CODE_RUNTIME_ID,
-        url: s.url,
-        enabled: true,
-        source: "claudeai",
-        authStatus: "unknown",
-        /** Gateway id — drives the `mcp-proxy.anthropic.com/v1/mcp/{id}` route. */
-        ...s.id ? { id: s.id } : {}
-      }));
+      return {
+        servers: servers.map((s) => ({
+          name: s.name,
+          type: "http",
+          runtimeId: CLAUDE_CODE_RUNTIME_ID,
+          url: s.url,
+          enabled: true,
+          source: "claudeai",
+          authStatus: "unknown",
+          /** Gateway id — drives the `mcp-proxy.anthropic.com/v1/mcp/{id}` route. */
+          ...s.id ? { id: s.id } : {}
+        }))
+      };
     } finally {
       clearTimeout(timeout);
     }
   } catch (err) {
+    const errorClass = classifyException(err);
     log({
       event: "claudeai_integrations_fetch_failed",
       url,
       status: null,
-      errorClass: classifyException(err),
+      errorClass,
       errorBody: null,
       error: err instanceof Error ? err.message : String(err)
     });
-    return [];
+    telemeter("claudeai_integrations_fetch_failed", {
+      status: null,
+      errorClass
+    });
+    return { servers: [] };
   }
 }
 
-// src/shared/capabilities/mcp-servers.ts
+// src/shared/capabilities/mcp-config-readers.ts
+import { readFile as readFile3, stat as stat2 } from "fs/promises";
+import { basename } from "path";
+import { parse as parseToml } from "toml";
 var MCPStdioEntrySchema = external_exports.object({
   type: external_exports.literal("stdio").optional(),
   command: external_exports.string(),
@@ -811,54 +918,6 @@ var CodexMCPHttpEntrySchema = external_exports.object({
   bearer_token_env_var: external_exports.string().optional(),
   enabled: external_exports.boolean().optional()
 }).passthrough();
-function shouldFetchClaudeAiIntegrations(preferredAuth) {
-  if (preferredAuth == null) return true;
-  return preferredAuth === "claude-ai";
-}
-function canonicalMcpServerKey(server) {
-  if (!server.url) return server.name.toLowerCase();
-  try {
-    const parsed = new URL(server.url);
-    parsed.hostname = parsed.hostname.toLowerCase();
-    parsed.protocol = parsed.protocol.toLowerCase();
-    const normalized = parsed.toString();
-    return normalized.endsWith("/") ? normalized.slice(0, -1) : normalized;
-  } catch {
-    return server.name.toLowerCase();
-  }
-}
-function dedupeServerCandidates(candidates) {
-  const deduped = /* @__PURE__ */ new Map();
-  const allSources = /* @__PURE__ */ new Map();
-  const firstId = /* @__PURE__ */ new Map();
-  for (const candidate of candidates) {
-    const key = canonicalMcpServerKey(candidate.server);
-    const existing = deduped.get(key);
-    if (!existing || candidate.priority >= existing.priority) {
-      deduped.set(key, candidate);
-    }
-    const src = candidate.server.source;
-    const srcs = allSources.get(key);
-    if (srcs === void 0) {
-      allSources.set(key, [src]);
-    } else if (!srcs.includes(src)) {
-      srcs.push(src);
-    }
-    if (!firstId.has(key) && candidate.server.id) {
-      firstId.set(key, candidate.server.id);
-    }
-  }
-  return [...deduped.values()].map((candidate) => {
-    const key = canonicalMcpServerKey(candidate.server);
-    const sources = allSources.get(key) ?? [candidate.server.source];
-    const id = firstId.get(key) ?? candidate.server.id;
-    return {
-      ...candidate.server,
-      sources,
-      ...id !== void 0 ? { id } : {}
-    };
-  });
-}
 var SECRET_PATTERNS = /^(sk-|ghp_|gho_|glpat-|xoxb-|xoxp-|Bearer\s|token\s)/i;
 var SECRET_FLAGS = /* @__PURE__ */ new Set(["--api-key", "--token", "--secret", "--password", "--key", "-k"]);
 function redactArgs(args) {
@@ -1166,15 +1225,80 @@ async function readCursorMCPConfig(filePath, source, log, metadata, now = Date.n
     now
   );
 }
+
+// src/shared/capabilities/mcp-servers.ts
+function shouldFetchClaudeAiIntegrations(preferredAuth) {
+  if (preferredAuth == null) return true;
+  return preferredAuth === "claude-ai";
+}
+function claudeAiAccountIssueServer() {
+  return {
+    name: "claude.ai connectors",
+    type: "http",
+    runtimeId: CLAUDE_CODE_RUNTIME_ID,
+    enabled: false,
+    source: "claudeai",
+    sourceLabel: "Claude.ai",
+    authStatus: "unauthenticated"
+  };
+}
+function parseTomlRecord2(raw) {
+  const parsed = parseToml2(raw);
+  return typeof parsed === "object" && parsed !== null && !Array.isArray(parsed) ? parsed : {};
+}
+function canonicalMcpServerKey(server) {
+  if (!server.url) return server.name.toLowerCase();
+  try {
+    const parsed = new URL(server.url);
+    parsed.hostname = parsed.hostname.toLowerCase();
+    parsed.protocol = parsed.protocol.toLowerCase();
+    const normalized = parsed.toString();
+    return normalized.endsWith("/") ? normalized.slice(0, -1) : normalized;
+  } catch {
+    return server.name.toLowerCase();
+  }
+}
+function dedupeServerCandidates(candidates) {
+  const deduped = /* @__PURE__ */ new Map();
+  const allSources = /* @__PURE__ */ new Map();
+  const firstId = /* @__PURE__ */ new Map();
+  for (const candidate of candidates) {
+    const key = canonicalMcpServerKey(candidate.server);
+    const existing = deduped.get(key);
+    if (!existing || candidate.priority >= existing.priority) {
+      deduped.set(key, candidate);
+    }
+    const src = candidate.server.source;
+    const srcs = allSources.get(key);
+    if (srcs === void 0) {
+      allSources.set(key, [src]);
+    } else if (!srcs.includes(src)) {
+      srcs.push(src);
+    }
+    if (!firstId.has(key) && candidate.server.id) {
+      firstId.set(key, candidate.server.id);
+    }
+  }
+  return [...deduped.values()].map((candidate) => {
+    const key = canonicalMcpServerKey(candidate.server);
+    const sources = allSources.get(key) ?? [candidate.server.source];
+    const id = firstId.get(key) ?? candidate.server.id;
+    return {
+      ...candidate.server,
+      sources,
+      ...id !== void 0 ? { id } : {}
+    };
+  });
+}
 async function readPluginMCPServers(log) {
   const servers = [];
   try {
     const settingsPath = join3(homedir2(), ".claude", "settings.json");
-    const settingsRaw = await readFile3(settingsPath, "utf-8");
+    const settingsRaw = await readFile4(settingsPath, "utf-8");
     const settings = JSON.parse(settingsRaw);
     if (!settings.enabledPlugins) return [];
     const installedPath = join3(homedir2(), ".claude", "plugins", "installed_plugins.json");
-    const installedRaw = await readFile3(installedPath, "utf-8");
+    const installedRaw = await readFile4(installedPath, "utf-8");
     const installed = JSON.parse(installedRaw);
     if (!installed.plugins) return [];
     for (const [pluginId, enabled] of Object.entries(settings.enabledPlugins)) {
@@ -1229,8 +1353,8 @@ var CodexPluginMcpServersFileSchema = external_exports.object({
 });
 async function readCodexTomlConfig(configPath) {
   try {
-    const raw = await readFile3(configPath, "utf-8");
-    const parsed = parseTomlRecord(raw);
+    const raw = await readFile4(configPath, "utf-8");
+    const parsed = parseTomlRecord2(raw);
     const result = CodexConfigTomlSchema.safeParse(parsed);
     return result.success ? result.data : null;
   } catch {
@@ -1244,7 +1368,7 @@ async function readMarketplaceJson(marketplaceSourceDir) {
   ];
   for (const candidate of candidates) {
     try {
-      const raw = await readFile3(candidate, "utf-8");
+      const raw = await readFile4(candidate, "utf-8");
       const parsed = JSON.parse(raw);
       const result = MarketplaceJsonSchema.safeParse(parsed);
       if (result.success) return result.data;
@@ -1256,7 +1380,7 @@ async function readMarketplaceJson(marketplaceSourceDir) {
 async function readCodexPluginManifestMcps(pluginRoot, pluginId, marketplaceName, log) {
   const manifestPath = join3(pluginRoot, ".codex-plugin", "plugin.json");
   try {
-    const raw = await readFile3(manifestPath, "utf-8");
+    const raw = await readFile4(manifestPath, "utf-8");
     const parsed = JSON.parse(raw);
     const manifestResult = CodexPluginManifestSchema.safeParse(parsed);
     if (!manifestResult.success) {
@@ -1272,7 +1396,7 @@ async function readCodexPluginManifestMcps(pluginRoot, pluginId, marketplaceName
     if (!manifest.mcpServers) return [];
     const mcpFilePath = resolve(pluginRoot, manifest.mcpServers);
     try {
-      const mcpRaw = await readFile3(mcpFilePath, "utf-8");
+      const mcpRaw = await readFile4(mcpFilePath, "utf-8");
       const mcpParsed = JSON.parse(mcpRaw);
       const mcpResult = CodexPluginMcpServersFileSchema.safeParse(mcpParsed);
       if (!mcpResult.success || !mcpResult.data.mcpServers) return [];
@@ -1317,7 +1441,7 @@ async function detectCodexPluginMcps(codexHome, configToml, log) {
       }
       await Promise.all(
         marketplaceJson.plugins.map(async (plugin) => {
-          if (!plugin.source || plugin.source.source !== "local") return;
+          if (plugin.source?.source !== "local") return;
           const pluginId = `${plugin.name}@${marketplaceName}`;
           const pluginEnabledEntry = pluginEnabledMap[pluginId];
           if (pluginEnabledEntry?.enabled === false) return;
@@ -1343,12 +1467,15 @@ function pushCandidates(target, servers, priority) {
     target.push({ server, priority });
   }
 }
+function isCcExpiryActive(expiresAt) {
+  return expiresAt == null || expiresAt > Date.now();
+}
 async function resolveClaudeCodeAuthStatuses(servers) {
   for (const server of servers.values()) {
     if (server.authStatus !== "unknown") continue;
     if (server.type === "stdio") continue;
     const ccCreds = await readClaudeCodeCredentials(server.name, server.url ?? "");
-    if (ccCreds?.accessToken && ccCreds.expiresAt && ccCreds.expiresAt > Date.now()) {
+    if (ccCreds?.accessToken && isCcExpiryActive(ccCreds.expiresAt)) {
       server.authStatus = "authenticated";
     }
   }
@@ -1470,7 +1597,7 @@ async function detectMCPServersInner(environments, tokenStore, log, preferredAut
   const userClaudeJsonPath = join3(homedir2(), ".claude.json");
   const codexHome = join3(homedir2(), ".codex");
   const fetchClaudeAi = shouldFetchClaudeAiIntegrations(preferredAuth);
-  const claudeAiPromise = fetchClaudeAi ? fetchClaudeAiIntegrations(log) : Promise.resolve([]);
+  const claudeAiPromise = fetchClaudeAi ? fetchClaudeAiIntegrationsWithStatus(log) : Promise.resolve({ servers: [] });
   if (!fetchClaudeAi) {
     log({ event: "claudeai_integrations_skipped_by_method", method: preferredAuth ?? null });
   }
@@ -1484,7 +1611,7 @@ async function detectMCPServersInner(environments, tokenStore, log, preferredAut
     userCursorServers,
     pluginServers,
     codexPluginServers,
-    claudeAiServers,
+    claudeAiResult,
     claudeJsonLocalServers
   ] = await Promise.all([
     readMCPConfig(userSettingsPath, "user", log, {
@@ -1528,6 +1655,7 @@ async function detectMCPServersInner(environments, tokenStore, log, preferredAut
       }
     )
   ]);
+  const claudeAiServers = claudeAiResult.accountIssue ? [...claudeAiResult.servers, claudeAiAccountIssueServer()] : claudeAiResult.servers;
   pushCandidates(allCandidates, claudeAiServers, 10);
   pushCandidates(allCandidates, pluginServers, 20);
   pushCandidates(allCandidates, codexPluginServers, 25);
@@ -1570,15 +1698,14 @@ export {
   resolveStdioEnv,
   resolveEnabledMcpServers,
   MCPTokenStore,
+  setTelemetrySink,
+  telemeter,
   readKeychainOAuthToken,
   CLAUDE_CODE_RUNTIME_ID,
   CODEX_RUNTIME_ID,
   CURSOR_RUNTIME_ID,
   getRuntimeDescriptor,
   getRuntimeDisplayName,
-  shouldFetchClaudeAiIntegrations,
-  canonicalMcpServerKey,
-  dedupeServerCandidates,
   redactArgs,
   redactEnv,
   resetMCPConfigCaches,
@@ -1586,7 +1713,13 @@ export {
   readClaudeJsonLocalMcpServers,
   readCodexMCPConfig,
   readCursorMCPConfig,
+  shouldFetchClaudeAiIntegrations,
+  canonicalMcpServerKey,
+  dedupeServerCandidates,
   detectCodexPluginMcps,
+  isCcExpiryActive,
+  resolveClaudeCodeAuthStatuses,
+  resolveAuthStatuses,
   detectMCPServers
 };
-//# sourceMappingURL=chunk-T3OTZ66B.js.map
+//# sourceMappingURL=chunk-B7WZUKYX.js.map