npm - @stackwright-pro/mcp - Versions diffs - 0.2.0-alpha.61 → 0.2.0-alpha.66 - Mend

@stackwright-pro/mcp 0.2.0-alpha.61 → 0.2.0-alpha.66

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/server.js CHANGED Viewed

@@ -1702,6 +1702,14 @@ function handleSavePhaseAnswers(input) {
     let answers;
     if (input.questions && input.questions.length > 0) {
       answers = answersToManifestFormat(input.rawAnswers, input.questions);
+      if (Object.keys(answers).length === 0 && input.rawAnswers.length > 0) {
+        answers = Object.fromEntries(
+          input.rawAnswers.map((a) => [
+            a.question_header,
+            a.selected_options.length > 1 ? a.selected_options : a.selected_options[0] ?? ""
+          ])
+        );
+      }
     } else {
       answers = Object.fromEntries(
         input.rawAnswers.map((a) => [a.question_header, a.selected_options[0] ?? ""])
@@ -2285,12 +2293,13 @@ var PHASE_DEPENDENCIES = {
   // workflow states as trigger sources. Produces OpenAPI specs consumed
   // by pages and dashboard for typed data wiring.
   services: ["api", "workflow"],
-  // pages/dashboard: now also depend on services for typed endpoint wiring
-  // via the OpenAPI specs that services produces.
-  // 'api' is still transitive through 'data'; auth removed — page-otter has
-  // graceful fallback and reads role names from workflow artifacts instead
-  pages: ["designer", "theme", "data", "services"],
-  dashboard: ["designer", "theme", "data", "services"],
+  // pages/dashboard: depend on services for typed endpoint wiring (OpenAPI
+  // specs) and on geo so the specialist prompt includes geo-manifest.json
+  // — page/dashboard otters see which page slugs are already claimed and
+  // won't attempt to overwrite them (swp-73c). 'api' is still transitive
+  // through 'data'; auth removed — page-otter has graceful fallback.
+  pages: ["designer", "theme", "data", "services", "geo"],
+  dashboard: ["designer", "theme", "data", "services", "geo"],
   // auth is the penultimate phase — runs after all content-producing phases
   // so it can read pages, dashboard, workflow, and geo artifacts for route
   // protection and RBAC wiring. Skipped upstream phases still satisfy deps
@@ -3347,6 +3356,16 @@ var OTTER_WRITE_ALLOWLISTS = {
       prefix: ".env",
       suffix: "",
       description: "Dotenv files (.env, .env.local, .env.production, etc.)"
+    },
+    {
+      prefix: "lib/mock-auth",
+      suffix: ".ts",
+      description: "Mock auth module (DEV_ONLY_MODE role updates)"
+    },
+    {
+      prefix: "package.json",
+      suffix: ".json",
+      description: "Project package.json (DEV_ONLY_MODE script cleanup)"
     }
   ],
   "stackwright-pro-data-otter": [
@@ -3404,7 +3423,9 @@ var PROTECTED_PATH_PREFIXES = [
   ".stackwright/artifacts/signatures.json",
   // artifact signature manifest
   ".stackwright/questions/",
-  ".stackwright/answers/"
+  ".stackwright/answers/",
+  ".stackwright/page-registry.json"
+  // page ownership — managed by safe_write internally
 ];
 var MAX_SAFE_WRITE_BYTES_JSON = 512 * 1024;
 var MAX_SAFE_WRITE_BYTES_YAML = 256 * 1024;
@@ -3418,6 +3439,58 @@ function getMaxBytesForPath(filePath) {
     return { limit: MAX_SAFE_WRITE_BYTES_ENV, label: "env" };
   return { limit: MAX_SAFE_WRITE_BYTES_DEFAULT, label: "default" };
 }
+var PAGE_REGISTRY_FILE = ".stackwright/page-registry.json";
+function extractPageSlug(filePath) {
+  const match = (0, import_path6.normalize)(filePath).match(/^pages\/(.+?)\/content\.ya?ml$/);
+  return match?.[1] ?? null;
+}
+function extractContentTypes(yamlContent) {
+  const typePattern = /^\s*-?\s*type:\s*(\S+)/gm;
+  const types = [];
+  let m;
+  while ((m = typePattern.exec(yamlContent)) !== null) {
+    const typeName = m[1];
+    if (typeName && !types.includes(typeName)) {
+      types.push(typeName);
+    }
+  }
+  return types.length > 0 ? types : ["unknown"];
+}
+function readPageRegistry(cwd) {
+  const regPath = (0, import_path6.join)(cwd, PAGE_REGISTRY_FILE);
+  if (!(0, import_fs6.existsSync)(regPath)) return {};
+  try {
+    const stat = (0, import_fs6.lstatSync)(regPath);
+    if (stat.isSymbolicLink()) return {};
+    return JSON.parse((0, import_fs6.readFileSync)(regPath, "utf-8"));
+  } catch {
+    return {};
+  }
+}
+function writePageRegistry(cwd, registry) {
+  const dir = (0, import_path6.join)(cwd, ".stackwright");
+  (0, import_fs6.mkdirSync)(dir, { recursive: true });
+  const regPath = (0, import_path6.join)(cwd, PAGE_REGISTRY_FILE);
+  if ((0, import_fs6.existsSync)(regPath)) {
+    const stat = (0, import_fs6.lstatSync)(regPath);
+    if (stat.isSymbolicLink()) {
+      throw new Error("Refusing to write page registry through symlink");
+    }
+  }
+  (0, import_fs6.writeFileSync)(regPath, JSON.stringify(registry, null, 2) + "\n", { encoding: "utf-8" });
+}
+function checkPageOwnership(cwd, slug, callerOtter) {
+  const registry = readPageRegistry(cwd);
+  const existing = registry[slug];
+  if (!existing || existing.claimedBy === callerOtter) {
+    return { allowed: true };
+  }
+  return {
+    allowed: false,
+    owner: existing.claimedBy,
+    contentTypes: existing.contentTypes
+  };
+}
 function checkPathAllowed(callerOtter, filePath) {
   const normalized = (0, import_path6.normalize)(filePath);
   if (normalized.includes("..")) {
@@ -3459,6 +3532,16 @@ function checkPathAllowed(callerOtter, filePath) {
           continue;
         }
       }
+      if (rule.prefix === "lib/mock-auth" && rule.suffix === ".ts") {
+        if (normalized !== "lib/mock-auth.ts") {
+          continue;
+        }
+      }
+      if (rule.prefix === "package.json" && rule.suffix === ".json") {
+        if (normalized !== "package.json") {
+          continue;
+        }
+      }
       return { allowed: true, rule: rule.description };
     }
   }
@@ -3584,11 +3667,38 @@ function handleSafeWrite(input) {
     };
     return { text: JSON.stringify(result), isError: true };
   }
+  const pageSlug = extractPageSlug(normalized);
+  if (pageSlug) {
+    const ownership = checkPageOwnership(cwd, pageSlug, callerOtter);
+    if (!ownership.allowed) {
+      const result = {
+        success: false,
+        error: `Page slug "${pageSlug}" is already claimed by ${ownership.owner} (content types: ${ownership.contentTypes.join(", ")}). Use a different slug or coordinate with the owning otter.`,
+        callerOtter,
+        attemptedPath: filePath,
+        allowedPaths: []
+      };
+      return { text: JSON.stringify(result), isError: true };
+    }
+  }
   try {
     if (createDirectories) {
       (0, import_fs6.mkdirSync)((0, import_path6.dirname)(fullPath), { recursive: true });
     }
     (0, import_fs6.writeFileSync)(fullPath, content, { encoding: "utf-8" });
+    if (pageSlug) {
+      try {
+        const registry = readPageRegistry(cwd);
+        registry[pageSlug] = {
+          slug: pageSlug,
+          claimedBy: callerOtter,
+          contentTypes: extractContentTypes(content),
+          writtenAt: (/* @__PURE__ */ new Date()).toISOString()
+        };
+        writePageRegistry(cwd, registry);
+      } catch {
+      }
+    }
     const result = {
       success: true,
       path: normalized,
@@ -3855,10 +3965,232 @@ ${routeLines}
 ${auditSection}
 `;
 }
+function generateDevOnlyMiddlewareContent(method, params, roles, defaultRole, hierarchy, auditEnabled, auditRetentionDays, protectedRoutes) {
+  const rbacBlock = `  rbac: {
+    roles: ${JSON.stringify(roles)},
+    defaultRole: '${defaultRole}',
+    hierarchy: ${JSON.stringify(hierarchy, null, 4)},
+  },`;
+  const auditBlock = `  audit: {
+    enabled: ${auditEnabled},
+    retentionDays: ${auditRetentionDays},
+  },`;
+  const routesBlock = `  protectedRoutes: ${JSON.stringify(protectedRoutes)},`;
+  const configBlock = `export const config = {
+  matcher: ${JSON.stringify(protectedRoutes)},
+};`;
+  const devHeader = [
+    "// middleware.ts \u2014 generated by @stackwright-pro/auth-nextjs (dev-only mock)",
+    "//   DEV ONLY \u2014 uses mock authentication from lib/mock-auth.ts",
+    "// Do NOT deploy to production.",
+    "import { createProMiddleware } from '@stackwright-pro/auth-nextjs';",
+    "import { mockAuthProvider } from './lib/mock-auth';"
+  ].join("\n");
+  if (method === "cac") {
+    const caBundle = params.cacCaBundle ?? "./certs/dod-ca-bundle.pem";
+    const edipiLookup = params.cacEdipiLookup ?? "./config/edipi-lookup.json";
+    const ocspEndpoint = params.cacOcspEndpoint ?? "https://ocsp.disa.mil";
+    const certHeader = params.cacCertHeader ?? "X-SSL-Client-Cert";
+    return `${devHeader}
+export const middleware = createProMiddleware({
+  method: 'cac',
+  cac: {
+    caBundle: '${caBundle}',
+    edipiLookup: '${edipiLookup}',
+    ocspEndpoint: '${ocspEndpoint}',
+    certHeader: '${certHeader}',
+    provider: mockAuthProvider,
+  },
+${rbacBlock}
+${auditBlock}
+${routesBlock}
+});
+${configBlock}
+`;
+  }
+  if (method === "oidc") {
+    const scopes2 = params.oidcScopes ?? "openid profile email";
+    const roleClaim = params.oidcRoleClaim ?? "roles";
+    return `${devHeader}
+export const middleware = createProMiddleware({
+  method: 'oidc',
+  oidc: {
+    discoveryUrl: 'https://dev-mock-oidc/.well-known/openid-configuration',
+    clientId: 'dev-mock-client',
+    clientSecret: 'dev-mock-secret',
+    scopes: '${scopes2}',
+    roleClaim: '${roleClaim}',
+    provider: mockAuthProvider,
+  },
+${rbacBlock}
+${auditBlock}
+${routesBlock}
+});
+${configBlock}
+`;
+  }
+  const scopes = params.oauth2Scopes ?? "read write";
+  return `${devHeader}
+export const middleware = createProMiddleware({
+  method: 'oauth2',
+  oauth2: {
+    authorizationUrl: 'https://dev-mock-oauth2/authorize',
+    tokenUrl: 'https://dev-mock-oauth2/token',
+    clientId: 'dev-mock-client',
+    clientSecret: 'dev-mock-secret',
+    scopes: '${scopes}',
+    provider: mockAuthProvider,
+  },
+${rbacBlock}
+${auditBlock}
+${routesBlock}
+});
+${configBlock}
+`;
+}
+function generateDevOnlyYamlBlock(method, params, roles, defaultRole, hierarchy, auditEnabled, auditRetentionDays, protectedRoutes) {
+  const rbacSection = `  rbac:
+    roles:
+${rolesToYaml(roles, "      ")}
+    defaultRole: ${defaultRole}
+    hierarchy:
+${hierarchyToYaml(hierarchy, "      ")}`;
+  const auditSection = `  audit:
+    enabled: ${auditEnabled}
+    retentionDays: ${auditRetentionDays}`;
+  const routeLines = protectedRoutes.map((r) => `    - pattern: ${r}
+      requiredRole: ${defaultRole}`).join("\n");
+  const providerLine = params.provider ? `  provider: ${params.provider}
+` : "";
+  if (method === "cac") {
+    const caBundle = params.cacCaBundle ?? "./certs/dod-ca-bundle.pem";
+    const edipiLookup = params.cacEdipiLookup ?? "./config/edipi-lookup.json";
+    const ocspEndpoint = params.cacOcspEndpoint ?? "https://ocsp.disa.mil";
+    const certHeader = params.cacCertHeader ?? "X-SSL-Client-Cert";
+    return `auth:
+  method: cac
+  devOnly: true
+${providerLine}  middleware: ./middleware.ts
+  cac:
+    caBundle: ${caBundle}
+    edipiLookup: ${edipiLookup}
+    ocspEndpoint: ${ocspEndpoint}
+    certHeader: ${certHeader}
+${rbacSection}
+  protectedRoutes:
+${routeLines}
+${auditSection}
+`;
+  }
+  if (method === "oidc") {
+    const scopes2 = params.oidcScopes ?? "openid profile email";
+    const roleClaim = params.oidcRoleClaim ?? "roles";
+    return `auth:
+  method: oidc
+  devOnly: true
+${providerLine}  middleware: ./middleware.ts
+  oidc:
+    discoveryUrl: https://dev-mock-oidc/.well-known/openid-configuration
+    clientId: dev-mock-client
+    clientSecret: dev-mock-secret
+    scopes: ${scopes2}
+    roleClaim: ${roleClaim}
+${rbacSection}
+  protectedRoutes:
+${routeLines}
+${auditSection}
+`;
+  }
+  const scopes = params.oauth2Scopes ?? "read write";
+  return `auth:
+  method: oauth2
+  devOnly: true
+${providerLine}  middleware: ./middleware.ts
+  oauth2:
+    authorizationUrl: https://dev-mock-oauth2/authorize
+    tokenUrl: https://dev-mock-oauth2/token
+    clientId: dev-mock-client
+    clientSecret: dev-mock-secret
+    scopes: ${scopes}
+${rbacSection}
+  protectedRoutes:
+${routeLines}
+${auditSection}
+`;
+}
+function deriveDevKey(roleName) {
+  const segment = roleName.split("_")[0];
+  return (segment ?? roleName).toLowerCase();
+}
+function generateMockAuthContent(roles, mockUsers) {
+  const entries = [];
+  const scriptLines = [];
+  for (let i = 0; i < roles.length; i++) {
+    const role = roles[i];
+    const devKey = deriveDevKey(role);
+    const persona = mockUsers?.[i];
+    const name = persona?.name ?? `Dev ${role}`;
+    const email = persona?.email ?? `dev-${devKey}@example.mil`;
+    const edipi = String(i + 1).padStart(10, "0");
+    entries.push(`  ${devKey}: {
+    id: 'mock-${devKey}-${String(i + 1).padStart(3, "0")}',
+    name: '${name}',
+    email: '${email}',
+    roles: ['${role}'],
+    edipi: '${edipi}',
+  }`);
+    scriptLines.push(` *   pnpm dev:${devKey}   \u2014 ${name}`);
+  }
+  return `/**
+ * Mock authentication for development mode.
+ *
+ * DEV_ONLY_MODE \u2014 no real auth provider. Select a persona via MOCK_USER env var
+ * or use the convenience scripts in package.json:
+${scriptLines.join("\n")}
+ */
+export const MOCK_USERS = {
+${entries.join(",\n")}
+} as const;
+export type MockRole = keyof typeof MOCK_USERS;
+export function getMockUser(role?: string) {
+  const key = (role ?? process.env.MOCK_USER) as MockRole | undefined;
+  if (!key) return null;
+  return MOCK_USERS[key] ?? null;
+}
+export function mockAuthProvider() {
+  return getMockUser();
+}
+`;
+}
+function updatePackageJsonScripts(existingJson, roles, mockUsers) {
+  const pkg = JSON.parse(existingJson);
+  const scripts = pkg.scripts ?? {};
+  delete scripts["dev:admin"];
+  delete scripts["dev:analyst"];
+  delete scripts["dev:viewer"];
+  for (let i = 0; i < roles.length; i++) {
+    const devKey = deriveDevKey(roles[i]);
+    scripts[`dev:${devKey}`] = `MOCK_USER=${devKey} next dev`;
+  }
+  pkg.scripts = scripts;
+  return JSON.stringify(pkg, null, 2) + "\n";
+}
 async function configureAuthHandler(params, cwd) {
   const {
     method,
     provider,
+    devOnly = false,
+    mockUsers,
     rbacRoles = ["SUPER_ADMIN", "ADMIN", "ANALYST"],
     auditEnabled = true,
     auditRetentionDays = 90,
@@ -3888,7 +4220,16 @@ async function configureAuthHandler(params, cwd) {
   }
   const filesWritten = [];
   try {
-    const middlewareContent = generateMiddlewareContent(
+    const middlewareContent = devOnly ? generateDevOnlyMiddlewareContent(
+      method,
+      params,
+      roles,
+      defaultRole,
+      hierarchy,
+      auditEnabled,
+      auditRetentionDays,
+      protectedRoutes
+    ) : generateMiddlewareContent(
       method,
       params,
       roles,
@@ -3912,30 +4253,87 @@ async function configureAuthHandler(params, cwd) {
       isError: true
     };
   }
-  try {
-    const envBlock = generateEnvBlock(method, params);
-    const envPath = (0, import_path7.join)(cwd, ".env.example");
-    if ((0, import_fs7.existsSync)(envPath)) {
-      const existing = (0, import_fs7.readFileSync)(envPath, "utf8");
-      (0, import_fs7.writeFileSync)(envPath, existing.trimEnd() + "\n\n" + envBlock, "utf8");
-    } else {
-      (0, import_fs7.writeFileSync)(envPath, envBlock, "utf8");
+  if (!devOnly) {
+    try {
+      const envBlock = generateEnvBlock(method, params);
+      const envPath = (0, import_path7.join)(cwd, ".env.example");
+      if ((0, import_fs7.existsSync)(envPath)) {
+        const existing = (0, import_fs7.readFileSync)(envPath, "utf8");
+        (0, import_fs7.writeFileSync)(envPath, existing.trimEnd() + "\n\n" + envBlock, "utf8");
+      } else {
+        (0, import_fs7.writeFileSync)(envPath, envBlock, "utf8");
+      }
+      filesWritten.push(".env.example");
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify({ success: false, error: `Failed writing .env.example: ${msg}` })
+          }
+        ],
+        isError: true
+      };
+    }
+  }
+  if (devOnly) {
+    try {
+      const mockAuthDir = (0, import_path7.join)(cwd, "lib");
+      (0, import_fs7.mkdirSync)(mockAuthDir, { recursive: true });
+      const mockAuthContent = generateMockAuthContent(roles, mockUsers);
+      (0, import_fs7.writeFileSync)((0, import_path7.join)(mockAuthDir, "mock-auth.ts"), mockAuthContent, "utf8");
+      filesWritten.push("lib/mock-auth.ts");
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify({
+              success: false,
+              error: `Failed writing lib/mock-auth.ts: ${msg}`
+            })
+          }
+        ],
+        isError: true
+      };
+    }
+    try {
+      const pkgPath = (0, import_path7.join)(cwd, "package.json");
+      if ((0, import_fs7.existsSync)(pkgPath)) {
+        const existingPkg = (0, import_fs7.readFileSync)(pkgPath, "utf8");
+        const updatedPkg = updatePackageJsonScripts(existingPkg, roles, mockUsers);
+        (0, import_fs7.writeFileSync)(pkgPath, updatedPkg, "utf8");
+        filesWritten.push("package.json");
+      }
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify({
+              success: false,
+              error: `Failed updating package.json: ${msg}`
+            })
+          }
+        ],
+        isError: true
+      };
     }
-    filesWritten.push(".env.example");
-  } catch (err) {
-    const msg = err instanceof Error ? err.message : String(err);
-    return {
-      content: [
-        {
-          type: "text",
-          text: JSON.stringify({ success: false, error: `Failed writing .env.example: ${msg}` })
-        }
-      ],
-      isError: true
-    };
   }
   try {
-    const authYaml = generateYamlBlock(
+    const authYaml = devOnly ? generateDevOnlyYamlBlock(
+      method,
+      params,
+      roles,
+      defaultRole,
+      hierarchy,
+      auditEnabled,
+      auditRetentionDays,
+      protectedRoutes
+    ) : generateYamlBlock(
       method,
       params,
       roles,
@@ -4017,7 +4415,9 @@ function registerAuthTools(server2) {
       // Routes
       protectedRoutes: jsonCoerce(import_zod13.z.array(import_zod13.z.string()).optional()),
       // Injection for tests
-      _cwd: import_zod13.z.string().optional()
+      _cwd: import_zod13.z.string().optional(),
+      devOnly: boolCoerce(import_zod13.z.boolean().optional()),
+      mockUsers: jsonCoerce(import_zod13.z.array(import_zod13.z.object({ name: import_zod13.z.string(), email: import_zod13.z.string() })).optional())
     },
     async (params) => {
       const cwd = params._cwd ?? process.cwd();
@@ -4037,15 +4437,15 @@ var _checksums = /* @__PURE__ */ new Map([
   ],
   [
     "stackwright-pro-auth-otter.json",
-    "8a6ee02cfe7fede3ca708d05b8b46824eb71f60c7f474b6edf9599da77f779b2"
+    "4bf6beba7150d08c74c5f6fbbeb20e988aba52a2029ff2892615e71f6ab12ed1"
   ],
   [
     "stackwright-pro-dashboard-otter.json",
-    "f5a83b74ad7c44edc6f39b45a568fa122d82aa4788f741ce14614da56d4e29a4"
+    "9c319d311801730e8dc9bc142eebb8fc5a7f48da48fa0b8d8c3b7431652447be"
   ],
   [
     "stackwright-pro-data-otter.json",
-    "c406e1c775bcb1f2b038b40a92d9bd23172b40d774fc0fa50bad4c9714f53445"
+    "4d9369277685a4acc484116920c9622ad8a1838012a493fcfe42a6ae5abe53cf"
   ],
   [
     "stackwright-pro-designer-otter.json",
@@ -4053,7 +4453,7 @@ var _checksums = /* @__PURE__ */ new Map([
   ],
   [
     "stackwright-pro-domain-expert-otter.json",
-    "bfe5c167d73fef3f2ef280fff56dcb552073c218e1394a43ecf983a03169ed55"
+    "6055a2efc78f54a8393f628839e2a2563bf0c6de3ad32de00c82779a53381efd"
   ],
   [
     "stackwright-pro-foreman-otter.json",
@@ -4061,15 +4461,15 @@ var _checksums = /* @__PURE__ */ new Map([
   ],
   [
     "stackwright-pro-geo-otter.json",
-    "6eb7ecf97254dbd79c09ad24348bf16001423cce9585c14bef81afd67b7b901b"
+    "9e09aaf2bb10197c6d1c05d0fd5f5f9380acc0cb697a410fcae839ffba648561"
   ],
   [
     "stackwright-pro-page-otter.json",
-    "9a5672f0758c81539337d86955e2892cd412547b4f111c2aa098eed1e62d7626"
+    "532bb7e9a25a5c832edd1ff1ea0886dd4453905d86e6f9331eb957ae5e121833"
   ],
   [
     "stackwright-pro-polish-otter.json",
-    "d31116995fdb417798af6056efd03bb1c71e0891371aba1774d283c03c9d77e8"
+    "8f284d4d6a204137cd786824fc584d5bddac1bc757204769b99ca5412cf2cea2"
   ],
   [
     "stackwright-pro-theme-otter.json",