@snapback/cli 1.6.0 → 3.0.1

package/dist/{chunk-R7CUQ7CU.js → chunk-E6V6QKS7.js}

@@ -1,17 +1,92 @@
 #!/usr/bin/env node --no-warnings=ExperimentalWarning
-import { __name } from './chunk-RB7H4UQJ.js';
-import { existsSync, readFileSync, mkdirSync, writeFileSync } from 'fs';
+import { __name } from './chunk-7ADPL4Q3.js';
+import { readFileSync, mkdirSync, writeFileSync, existsSync } from 'fs';
 import { homedir, platform } from 'os';
 import { join, resolve, dirname } from 'path';
 import { randomUUID } from 'crypto';
 import { exec, execSync } from 'child_process';
 import { promisify } from 'util';
 
+process.env.SNAPBACK_CLI='true';
 var __defProp = Object.defineProperty;
 var __name2 = /* @__PURE__ */ __name((target, value) => __defProp(target, "name", {
   value,
   configurable: true
 }), "__name");
+var CACHE_TTL_MS = 7 * 24 * 60 * 60 * 1e3;
+function getCacheFilePath() {
+  return join(homedir(), ".snapback", "mcp-configs", "paths.json");
+}
+__name(getCacheFilePath, "getCacheFilePath");
+__name2(getCacheFilePath, "getCacheFilePath");
+function readCache() {
+  try {
+    const raw = readFileSync(getCacheFilePath(), "utf-8");
+    const parsed = JSON.parse(raw);
+    if (parsed.version === 1 && typeof parsed.discovered === "object") {
+      return parsed;
+    }
+  } catch {
+  }
+  return {
+    version: 1,
+    discovered: {}
+  };
+}
+__name(readCache, "readCache");
+__name2(readCache, "readCache");
+function writeCache(cache) {
+  try {
+    const dir = join(homedir(), ".snapback", "mcp-configs");
+    mkdirSync(dir, {
+      recursive: true
+    });
+    writeFileSync(getCacheFilePath(), JSON.stringify(cache, null, 2));
+  } catch {
+  }
+}
+__name(writeCache, "writeCache");
+__name2(writeCache, "writeCache");
+function getCachedPath(clientName) {
+  const cache = readCache();
+  const entry = cache.discovered[clientName];
+  if (!entry) return null;
+  const age = Date.now() - new Date(entry.discoveredAt).getTime();
+  if (age > CACHE_TTL_MS) return null;
+  if (!existsSync(entry.path)) {
+    delete cache.discovered[clientName];
+    writeCache(cache);
+    return null;
+  }
+  return entry.path;
+}
+__name(getCachedPath, "getCachedPath");
+__name2(getCachedPath, "getCachedPath");
+function setCachedPath(clientName, configPath) {
+  const cache = readCache();
+  cache.discovered[clientName] = {
+    path: configPath,
+    discoveredAt: /* @__PURE__ */ (/* @__PURE__ */ new Date()).toISOString(),
+    platform: process.platform
+  };
+  writeCache(cache);
+}
+__name(setCachedPath, "setCachedPath");
+__name2(setCachedPath, "setCachedPath");
+function evictCachedPath(clientName) {
+  const cache = readCache();
+  if (cache.discovered[clientName]) {
+    delete cache.discovered[clientName];
+    writeCache(cache);
+  }
+}
+__name(evictCachedPath, "evictCachedPath");
+__name2(evictCachedPath, "evictCachedPath");
+function getAllCachedPaths() {
+  return readCache().discovered;
+}
+__name(getAllCachedPaths, "getAllCachedPaths");
+__name2(getAllCachedPaths, "getAllCachedPaths");
 var CLIENT_CONFIGS = {
   claude: /* @__PURE__ */ __name2((home) => {
     switch (platform()) {
@@ -36,14 +111,17 @@ var CLIENT_CONFIGS = {
     ] : [],
     join(_home, ".cursor/mcp.json")
   ], "cursor"),
-  windsurf: /* @__PURE__ */ __name2((home, cwd) => [
-    ...cwd ? [
-      join(cwd, ".windsurf/mcp.json")
-    ] : [],
+  // Windsurf only has a global config — no project-level support (confirmed by Windsurf docs, June 2025)
+  windsurf: /* @__PURE__ */ __name2((home) => [
     join(home, ".codeium/windsurf/mcp_config.json")
   ], "windsurf"),
-  continue: /* @__PURE__ */ __name2((home) => [
-    join(home, ".continue/config.json")
+  // Continue: global config.json or config.yaml; project-level .continue/mcpServers/mcp.json
+  continue: /* @__PURE__ */ __name2((home, cwd) => [
+    ...cwd ? [
+      join(cwd, ".continue/mcpServers/mcp.json")
+    ] : [],
+    join(home, ".continue/config.json"),
+    join(home, ".continue/config.yaml")
   ], "continue"),
   // New clients
   vscode: /* @__PURE__ */ __name2((_home, cwd) => [
@@ -51,9 +129,16 @@ var CLIENT_CONFIGS = {
       join(cwd, ".vscode/mcp.json")
     ] : []
   ], "vscode"),
-  zed: /* @__PURE__ */ __name2((home) => [
+  // Zed: global ~/.config/zed/settings.json, plus project-level .zed/settings.json
+  zed: /* @__PURE__ */ __name2((home, cwd) => [
+    ...cwd ? [
+      join(cwd, ".zed/settings.json")
+    ] : [],
     join(home, ".config/zed/settings.json")
   ], "zed"),
+  // Cline / Roo Code store their actual settings in VS Code extension globalStorage,
+  // but `snap tools configure --cline/--roo-code` writes to these paths as a side-channel.
+  // Detection via these paths is best-effort; users may need `snap mcp link --client cline` instead.
   cline: /* @__PURE__ */ __name2((home) => [
     join(home, ".cline/mcp.json")
   ], "cline"),
@@ -71,19 +156,26 @@ var CLIENT_CONFIGS = {
     const workspaceConfig = cwd ? [
       join(cwd, ".qoder-mcp-config.json")
     ] : [];
-    const globalConfig = (() => {
+    const globalConfigs = (() => {
       switch (platform()) {
         case "darwin":
-          return join(home, "Library/Application Support/Qoder/SharedClientCache/extension/local/mcp.json");
+          return [
+            join(home, "Library/Application Support/Qoder/SharedClientCache/mcp.json"),
+            join(home, "Library/Application Support/Qoder/SharedClientCache/extension/local/mcp.json")
+          ];
         case "win32":
-          return join(process.env.APPDATA || "", "Qoder/mcp.json");
+          return [
+            join(process.env.APPDATA || "", "Qoder/mcp.json")
+          ];
         default:
-          return join(home, ".config/Qoder/mcp.json");
+          return [
+            join(home, ".config/Qoder/mcp.json")
+          ];
       }
     })();
     return [
       ...workspaceConfig,
-      globalConfig
+      ...globalConfigs
     ];
   }, "qoder")
 };
@@ -106,7 +198,12 @@ function detectAIClients(options = {}) {
   const clients = [];
   const seenPaths = /* @__PURE__ */ new Set();
   for (const [name, getPaths] of Object.entries(CLIENT_CONFIGS)) {
-    const paths = getPaths(home, cwd);
+    const candidates = getPaths(home, cwd);
+    const cachedPath = getCachedPath(name);
+    const paths = cachedPath && candidates.includes(cachedPath) ? [
+      cachedPath,
+      ...candidates.filter((p) => p !== cachedPath)
+    ] : candidates;
     for (const configPath of paths) {
       if (seenPaths.has(configPath)) {
         continue;
@@ -115,6 +212,7 @@ function detectAIClients(options = {}) {
       const exists = existsSync(configPath);
       let hasSnapback = false;
       if (exists) {
+        setCachedPath(name, configPath);
         try {
           const content = readFileSync(configPath, "utf-8");
           if (configPath.endsWith(".yaml") || configPath.endsWith(".yml")) {
@@ -169,12 +267,17 @@ function checkForSnapback(config, format) {
     case "windsurf":
     case "cline":
     case "roo-code":
-    case "qoder":
       if ("mcpServers" in configObj && typeof configObj.mcpServers === "object" && configObj.mcpServers !== null) {
         const servers = configObj.mcpServers;
         return "snapback" in servers || `snapback-${format}` in servers;
       }
       return false;
+    case "qoder":
+      if ("mcpServers" in configObj && typeof configObj.mcpServers === "object" && configObj.mcpServers !== null) {
+        const servers = configObj.mcpServers;
+        return Object.keys(servers).some((k) => k === "snapback" || k.startsWith("snapback-"));
+      }
+      return false;
     case "vscode":
       if ("servers" in configObj && typeof configObj.servers === "object" && configObj.servers !== null) {
         const servers = configObj.servers;
@@ -771,6 +874,32 @@ function resolveNodePath() {
 }
 __name(resolveNodePath, "resolveNodePath");
 __name2(resolveNodePath, "resolveNodePath");
+function resolveSnapbackBinaryPath() {
+  try {
+    const isWindows = process.platform === "win32";
+    const command = isWindows ? "where snapback" : "which snapback";
+    const result = execSync(command, {
+      encoding: "utf-8",
+      timeout: 5e3
+    }).trim();
+    const binaryPath = result.split(/\r?\n/)[0].trim();
+    if (binaryPath && existsSync(binaryPath)) {
+      return binaryPath;
+    }
+  } catch {
+  }
+  const commonPaths = [
+    "/opt/homebrew/bin/snapback",
+    "/usr/local/bin/snapback",
+    "/usr/bin/snapback"
+  ];
+  for (const p of commonPaths) {
+    if (existsSync(p)) return p;
+  }
+  return "snapback";
+}
+__name(resolveSnapbackBinaryPath, "resolveSnapbackBinaryPath");
+__name2(resolveSnapbackBinaryPath, "resolveSnapbackBinaryPath");
 function isCommandExecutable2(command) {
   if (command.startsWith("/") || command.match(/^[A-Z]:\\/i)) {
     return existsSync(command);
@@ -793,14 +922,11 @@ var STDIO_ONLY_CLIENTS = /* @__PURE__ */ new Set([
   "claude"
 ]);
 function getSnapbackMCPConfig(options = {}) {
-  const { apiKey, workspaceId, serverUrl, useBinary = false, customCommand, additionalEnv, workspaceRoot, useLocalDev = false, localCliPath, client } = options;
+  const { apiKey, workspaceId, serverUrl, useBinary = false, customCommand, additionalEnv, workspaceRoot, useLocalDev = false, localCliPath, client, useDoppler = false, dopplerProject = "snapback-shared", dopplerConfig = "dev", useSse = false, useStreamableHttp = false } = options;
   const useNpx = options.useNpx ?? (client ? STDIO_ONLY_CLIENTS.has(client) : false);
   const env = {
     ...additionalEnv
   };
-  if (workspaceId) {
-    env.SNAPBACK_WORKSPACE_ID = workspaceId;
-  }
   if (apiKey) {
     env.SNAPBACK_API_KEY = apiKey;
   }
@@ -813,9 +939,65 @@ function getSnapbackMCPConfig(options = {}) {
       }
     };
   }
+  if (useSse || useStreamableHttp) {
+    const url = serverUrl || "https://mcp.snapback.dev/mcp";
+    const headers2 = {};
+    if (workspaceId) {
+      headers2["x-workspace-id"] = workspaceId;
+    }
+    if (apiKey) {
+      headers2["x-api-key"] = apiKey;
+    }
+    return {
+      url,
+      ...Object.keys(headers2).length > 0 && {
+        headers: headers2
+      }
+    };
+  }
+  if (useDoppler && localCliPath) {
+    const tier = apiKey ? "pro" : "free";
+    const nodePath = resolveNodePath();
+    const dopplerArgs = [
+      "run",
+      "--project",
+      dopplerProject,
+      "--config",
+      dopplerConfig,
+      "--",
+      nodePath,
+      localCliPath,
+      "mcp",
+      "--stdio",
+      "--tier",
+      tier
+    ];
+    if (workspaceRoot) {
+      dopplerArgs.push("--workspace", workspaceRoot);
+    }
+    return {
+      command: "doppler",
+      args: dopplerArgs
+    };
+  }
   if (useNpx) {
+    const isClaudeDesktop = client === "claude";
+    if (isClaudeDesktop) {
+      const args2 = [
+        "--yes",
+        "@snapback/mcpb"
+      ];
+      if (workspaceRoot) {
+        args2.push(workspaceRoot);
+      }
+      return {
+        command: "npx",
+        args: args2
+      };
+    }
     const tier = apiKey ? "pro" : "free";
     const args = [
+      "--yes",
       "@snapback/cli",
       "mcp",
       "--stdio",
@@ -833,12 +1015,19 @@ function getSnapbackMCPConfig(options = {}) {
       }
     };
   }
-  if (serverUrl || !useLocalDev && !useBinary) {
-    const url = serverUrl || "https://snapback-mcp.fly.dev";
+  if (serverUrl || !useLocalDev && !useBinary && !useDoppler) {
+    const url = serverUrl || "https://mcp.snapback.dev/mcp";
+    const headers2 = {};
+    if (workspaceId) {
+      headers2["x-workspace-id"] = workspaceId;
+    }
+    if (apiKey) {
+      headers2["x-api-key"] = apiKey;
+    }
     return {
       url,
-      ...Object.keys(env).length > 0 && {
-        env
+      ...Object.keys(headers2).length > 0 && {
+        headers: headers2
       }
     };
   }
@@ -875,17 +1064,24 @@ function getSnapbackMCPConfig(options = {}) {
       args.push("--workspace", workspaceRoot);
     }
     return {
-      command: "snapback",
+      command: resolveSnapbackBinaryPath(),
       args,
       ...Object.keys(env).length > 0 && {
         env
       }
     };
   }
+  const headers = {};
+  if (workspaceId) {
+    headers["x-workspace-id"] = workspaceId;
+  }
+  if (apiKey) {
+    headers["x-api-key"] = apiKey;
+  }
   return {
-    url: "https://snapback-mcp.fly.dev",
-    ...Object.keys(env).length > 0 && {
-      env
+    url: "https://mcp.snapback.dev/mcp",
+    ...Object.keys(headers).length > 0 && {
+      headers
     }
   };
 }
@@ -986,6 +1182,7 @@ function removeSnapbackConfig(client) {
       }
     }
     writeFileSync(client.configPath, JSON.stringify(config, null, 2));
+    evictCachedPath(client.name);
     return {
       success: true
     };
@@ -1033,17 +1230,25 @@ function mergeConfig(existing, snapbackConfig, format) {
           }
         }
       };
-    case "qoder":
+    case "qoder": {
+      let qoderType;
+      if (snapbackConfig.url) {
+        const isLocal = snapbackConfig.url.startsWith("http://localhost") || snapbackConfig.url.startsWith("http://127.0.0.1");
+        qoderType = isLocal ? "sse" : "http";
+      } else {
+        qoderType = "stdio";
+      }
       return {
         ...existing,
         mcpServers: {
           ...existing.mcpServers || {},
           [serverKey]: {
-            type: "stdio",
+            type: qoderType,
             ...snapbackConfig
           }
         }
       };
+    }
     case "vscode": {
       const vscodeConfig = existing;
       const servers = vscodeConfig.servers || {};
@@ -1105,6 +1310,87 @@ function mergeConfig(existing, snapbackConfig, format) {
 }
 __name(mergeConfig, "mergeConfig");
 __name2(mergeConfig, "mergeConfig");
+function patchApiKeyInClientConfig(client, apiKey) {
+  try {
+    if (!existsSync(client.configPath)) return false;
+    const raw = readFileSync(client.configPath, "utf-8");
+    const config = JSON.parse(raw);
+    const serverKey = getServerKey(client.format);
+    let patched = false;
+    const patchEntry = /* @__PURE__ */ __name2((entry) => {
+      if (typeof entry !== "object" || entry === null) return false;
+      const e = entry;
+      if (e.url && typeof e.url === "string") {
+        if (!e.headers || typeof e.headers !== "object") {
+          e.headers = {};
+        }
+        e.headers["x-api-key"] = apiKey;
+        const headers = e.headers;
+        if (headers.Authorization?.includes("<your-token>")) {
+          delete headers.Authorization;
+        }
+        return true;
+      }
+      if (!e.env || typeof e.env !== "object") {
+        e.env = {};
+      }
+      e.env.SNAPBACK_API_KEY = apiKey;
+      return true;
+    }, "patchEntry");
+    switch (client.format) {
+      case "claude":
+      case "cursor":
+      case "windsurf":
+      case "cline":
+      case "roo-code":
+      case "gemini": {
+        const servers = config.mcpServers || {};
+        const entry = servers[serverKey] ?? servers.snapback;
+        if (entry) patched = patchEntry(entry);
+        break;
+      }
+      case "qoder": {
+        const servers = config.mcpServers || {};
+        for (const key of Object.keys(servers)) {
+          if (key === "snapback" || key.startsWith("snapback-")) {
+            patched = patchEntry(servers[key]) || patched;
+          }
+        }
+        break;
+      }
+      case "vscode": {
+        const servers = config.servers || {};
+        const entry = servers[serverKey] ?? servers.snapback;
+        if (entry) patched = patchEntry(entry);
+        break;
+      }
+      case "zed": {
+        const servers = config.context_servers || {};
+        const entry = servers[serverKey] ?? servers.snapback;
+        if (entry) patched = patchEntry(entry);
+        break;
+      }
+      case "continue": {
+        const exp = config.experimental || {};
+        const list = exp.modelContextProtocolServers || [];
+        for (const item of list) {
+          if (typeof item.name === "string" && item.name.startsWith("snapback")) {
+            patched = patchEntry(item) || patched;
+          }
+        }
+        break;
+      }
+    }
+    if (patched) {
+      writeFileSync(client.configPath, JSON.stringify(config, null, 2));
+    }
+    return patched;
+  } catch {
+    return false;
+  }
+}
+__name(patchApiKeyInClientConfig, "patchApiKeyInClientConfig");
+__name2(patchApiKeyInClientConfig, "patchApiKeyInClientConfig");
 function validateConfig(client) {
   try {
     const content = readFileSync(client.configPath, "utf-8");
@@ -1418,6 +1704,4 @@ function findCliPath() {
 __name(findCliPath, "findCliPath");
 __name2(findCliPath, "findCliPath");
 
-export { createManagedMetadata, detectAIClients, detectMCPProcesses, detectWorkspaceConfig, getClient, getClientConfigPath, getConfiguredClients, getOrCreateIdentity, getServerKey, getSnapbackConfigDir, getSnapbackMCPConfig, injectWorkspacePath, isCommandExecutable2, isOwnedByThisInstall, isSnapbackMCPRunning, readClientConfig, removeSnapbackConfig, repairClientConfig, resetIdentityCache, resolveNodePath, validateClientConfig, validateConfig, validateWorkspacePath, writeClientConfig };
-//# sourceMappingURL=chunk-R7CUQ7CU.js.map
-//# sourceMappingURL=chunk-R7CUQ7CU.js.map
+export { createManagedMetadata, detectAIClients, detectMCPProcesses, detectWorkspaceConfig, evictCachedPath, getAllCachedPaths, getCachedPath, getClient, getClientConfigPath, getConfiguredClients, getOrCreateIdentity, getServerKey, getSnapbackConfigDir, getSnapbackMCPConfig, injectWorkspacePath, isCommandExecutable2, isOwnedByThisInstall, isSnapbackMCPRunning, patchApiKeyInClientConfig, readClientConfig, removeSnapbackConfig, repairClientConfig, resetIdentityCache, resolveNodePath, setCachedPath, validateClientConfig, validateConfig, validateWorkspacePath, writeClientConfig };

package/dist/chunk-GT4ZUCFR.js

@@ -0,0 +1,111 @@
+#!/usr/bin/env node --no-warnings=ExperimentalWarning
+import { logger } from './chunk-PL4HF4M2.js';
+import { __name } from './chunk-7ADPL4Q3.js';
+
+process.env.SNAPBACK_CLI='true';
+
+// ../../packages/auth/dist/lib/audit.js
+var POSTHOG_API_KEY = process.env.POSTHOG_API_KEY || "";
+var POSTHOG_HOST = process.env.POSTHOG_HOST || "https://us.posthog.com";
+var POSTHOG_ENABLED = !!POSTHOG_API_KEY;
+async function emitPostHogEvent(eventType, metadata) {
+  if (!POSTHOG_ENABLED) {
+    return;
+  }
+  try {
+    const event = {
+      api_key: POSTHOG_API_KEY,
+      event: eventType,
+      distinct_id: metadata.userId || metadata.ip || "anonymous",
+      properties: {
+        ...metadata,
+        $ip: metadata.ip,
+        $set: {
+          email: metadata.userId ? `user_${metadata.userId}` : void 0
+        }
+      },
+      timestamp: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    const response = await fetch(`${POSTHOG_HOST}/capture/`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(event)
+    });
+    if (!response.ok) {
+      logger.error("Failed to emit PostHog event", {
+        eventType,
+        status: response.status,
+        statusText: response.statusText
+      });
+    }
+  } catch (error) {
+    logger.error("Error emitting PostHog event", {
+      error,
+      eventType
+    });
+  }
+}
+__name(emitPostHogEvent, "emitPostHogEvent");
+async function writeAuditLog(eventType, metadata) {
+  try {
+    const { db, snapbackSchema } = await import('./dist-CUHOKNLS.js');
+    if (!db) {
+      logger.warn("Database not available for audit logging", {
+        eventType
+      });
+      return;
+    }
+    const { telemetryEvents } = snapbackSchema;
+    await db.insert(telemetryEvents).values({
+      eventType,
+      eventCategory: "audit",
+      userId: metadata.userId,
+      properties: {
+        ip: metadata.ip,
+        userAgent: metadata.userAgent,
+        method: metadata.method,
+        path: metadata.path,
+        statusCode: metadata.statusCode,
+        errorMessage: metadata.errorMessage,
+        ...metadata
+      }
+    });
+    logger.debug("Audit log written", {
+      eventType,
+      userId: metadata.userId,
+      orgId: metadata.orgId
+    });
+  } catch (error) {
+    logger.error("Failed to write audit log", {
+      error,
+      eventType,
+      metadata
+    });
+  }
+}
+__name(writeAuditLog, "writeAuditLog");
+async function trackEvent(eventType, metadata) {
+  logger.info("Audit event", {
+    eventType,
+    userId: metadata.userId,
+    orgId: metadata.orgId,
+    path: metadata.path
+  });
+  emitPostHogEvent(eventType, metadata).catch((error) => {
+    logger.error("PostHog emit failed", {
+      error,
+      eventType
+    });
+  });
+  writeAuditLog(eventType, metadata).catch((error) => {
+    logger.error("Audit log write failed", {
+      error,
+      eventType
+    });
+  });
+}
+__name(trackEvent, "trackEvent");
+
+export { trackEvent };