@thinkrun/mcp 0.3.5 → 0.3.7

package/dist/src/server.js

@@ -5,7 +5,12 @@
  * script injection attempts. The server-side also applies JSON.stringify()
  * escaping when embedding selectors in error messages (defense-in-depth).
  */
+import { existsSync, readFileSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
 import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { readTabAuditState, resolveTabAuditState, writeTabAuditState, } from '@thinkrun/shared/audit-state';
+import { patchLocalAuditState } from '@thinkrun/shared/local-audit-sync';
 import { z } from 'zod';
 /** Zod schema for CSS selectors — rejects obvious script injection patterns. */
 const cssSelector = z
@@ -59,6 +64,75 @@ export const MAX_GET_HTML_CHARS = 200_000;
 export const MAX_SLEEP_MS = 30_000;
 const LOCAL_TOOL_ENRICH_TIMEOUT_MS = 300;
 const LOCAL_TOOL_ENRICH_BRIDGE_TIMEOUT_MS = 150;
+function getThinkrunLockDir() {
+    // Keep this fallback sequence aligned with packages/shared/src/audit-state.js#getLockDir.
+    const configuredDir = process.env.THINKRUN_LOCK_DIR ?? process.env.THINKBROWSE_LOCK_DIR;
+    if (configuredDir)
+        return configuredDir;
+    const thinkrunDir = join(homedir(), '.thinkrun');
+    const thinkbrowseDir = join(homedir(), '.thinkbrowse');
+    if (!existsSync(thinkrunDir) && existsSync(thinkbrowseDir)) {
+        return thinkbrowseDir;
+    }
+    return thinkrunDir;
+}
+function getCliSessionFilePath(tabId) {
+    const safeTabId = tabId.replace(/[^a-zA-Z0-9_-]/g, '_') || 'unknown';
+    return join(getThinkrunLockDir(), `local-session-${safeTabId}.json`);
+}
+function readPersistedCliSessionId(tabId) {
+    try {
+        const filePath = getCliSessionFilePath(tabId);
+        if (!existsSync(filePath))
+            return undefined;
+        const parsed = JSON.parse(readFileSync(filePath, 'utf-8'));
+        return typeof parsed.sessionId === 'string' && parsed.sessionId.length > 0
+            ? parsed.sessionId
+            : undefined;
+    }
+    catch {
+        return undefined;
+    }
+}
+function getThinkrunApiCredentials() {
+    const envApiKey = process.env.THINKRUN_API_KEY?.trim();
+    const envApiUrl = process.env.THINKRUN_BASE_URL?.trim();
+    if (envApiKey) {
+        const apiUrl = envApiUrl || 'https://api.thinkrun.ai';
+        return apiUrl.startsWith('https://') ? { apiKey: envApiKey, apiUrl } : null;
+    }
+    const configPaths = [
+        join(process.env.THINKRUN_CONFIG_DIR || join(homedir(), '.config', 'thinkrun'), 'config.json'),
+        join(homedir(), '.config', 'thinkbrowse', 'config.json'),
+    ];
+    for (const configPath of configPaths) {
+        try {
+            if (!existsSync(configPath))
+                continue;
+            const parsed = JSON.parse(readFileSync(configPath, 'utf-8'));
+            const apiKey = typeof parsed.apiKey === 'string' ? parsed.apiKey.trim() : '';
+            if (!apiKey)
+                continue;
+            const apiUrl = typeof parsed.apiUrl === 'string' && parsed.apiUrl.trim()
+                ? parsed.apiUrl.trim()
+                : 'https://api.thinkrun.ai';
+            if (!apiUrl.startsWith('https://'))
+                return null;
+            return { apiKey, apiUrl };
+        }
+        catch {
+            // best-effort lookup only
+        }
+    }
+    return null;
+}
+function syncPersistedCliAuditState(sessionId, enabled, updatedAt, fetchFn = globalThis.fetch) {
+    const creds = getThinkrunApiCredentials();
+    if (!creds)
+        return Promise.resolve(false);
+    const { apiKey, apiUrl } = creds;
+    return patchLocalAuditState({ sessionId, enabled, updatedAt, apiKey, apiUrl, fetchFn });
+}
 function withTimeout(promise, timeoutMs, label) {
     let timer;
     const timeout = new Promise((_, reject) => {
@@ -251,6 +325,7 @@ export async function handleWindowNew(client, args, defaultSessionRef) {
 // Anchored to prevent false positives on cloud session IDs that end in digits
 // (e.g. `remote-session-42` would match the unanchored form and produce a tab ID).
 const LOCAL_SESSION_TAB_ID_RE = /^local-(\d+)$/;
+const EXTENSION_PROXY_SESSION_TAB_ID_RE = /^ext-proxy-(\d+)$/;
 function extractLocalTabIdFromSessionId(sessionId) {
     // Local MCP session IDs are expected to end in the underlying tab ID.
     // `focus` depends on this convention to foreground the bound local tab
@@ -261,6 +336,84 @@ function extractLocalTabIdFromSessionId(sessionId) {
     const parsed = Number(match[1]);
     return Number.isInteger(parsed) && parsed > 0 ? parsed : undefined;
 }
+function extractAuditableTabIdFromSessionId(sessionId) {
+    const localMatch = sessionId.match(LOCAL_SESSION_TAB_ID_RE);
+    if (localMatch) {
+        const parsed = Number(localMatch[1]);
+        return Number.isInteger(parsed) && parsed > 0 ? String(parsed) : undefined;
+    }
+    const extensionProxyMatch = sessionId.match(EXTENSION_PROXY_SESSION_TAB_ID_RE);
+    if (extensionProxyMatch) {
+        const parsed = Number(extensionProxyMatch[1]);
+        return Number.isInteger(parsed) && parsed > 0 ? String(parsed) : undefined;
+    }
+    return undefined;
+}
+function buildSessionAuditPayload(sessionId) {
+    const tabId = extractAuditableTabIdFromSessionId(sessionId);
+    if (!tabId)
+        return undefined;
+    const resolved = resolveTabAuditState({ tabId });
+    const stored = readTabAuditState(tabId);
+    return {
+        tabId,
+        enabled: resolved.enabled,
+        source: resolved.source,
+        storedEnabled: stored?.enabled,
+        storedUpdatedAt: stored?.updatedAt,
+    };
+}
+export async function handleSetAuditing(args, sidResolver) {
+    try {
+        const sessionId = sidResolver(args);
+        const tabId = extractAuditableTabIdFromSessionId(sessionId);
+        if (!tabId) {
+            return {
+                content: [{
+                        type: 'text',
+                        text: JSON.stringify({
+                            success: false,
+                            error: `Session ${sessionId} is not backed by a local tab`,
+                        }, null, 2),
+                    }],
+                isError: true,
+            };
+        }
+        const stored = writeTabAuditState(tabId, args.enabled, undefined, { explicit: true });
+        const persistedCliSessionId = readPersistedCliSessionId(tabId);
+        if (persistedCliSessionId) {
+            syncPersistedCliAuditState(persistedCliSessionId, args.enabled, stored.updatedAt).catch(() => {
+                console.error('[thinkrun-mcp] set_auditing backend sync failed');
+            });
+        }
+        const resolved = resolveTabAuditState({ tabId });
+        return {
+            content: [{
+                    type: 'text',
+                    text: JSON.stringify({
+                        success: true,
+                        sessionId,
+                        tabId,
+                        enabled: resolved.enabled,
+                        source: resolved.source,
+                        storedEnabled: stored.enabled,
+                        storedUpdatedAt: stored.updatedAt,
+                    }, null, 2),
+                }],
+            isError: false,
+        };
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        return {
+            content: [{
+                    type: 'text',
+                    text: JSON.stringify({ success: false, error: message }, null, 2),
+                }],
+            isError: true,
+        };
+    }
+}
 export async function handleTabFocus(client, args, sidResolver, defaultSessionRef) {
     try {
         const sessionId = sidResolver(args);
@@ -535,11 +688,13 @@ export function createServer(client, options) {
             sessionId: defaultableSessionIdSchema,
         },
     }, async (args) => {
-        const result = await c().getSession(sid(args));
+        const sessionId = sid(args);
+        const result = await c().getSession(sessionId);
+        const audit = buildSessionAuditPayload(sessionId);
         return {
             content: [{
                     type: 'text',
-                    text: JSON.stringify(result, null, 2),
+                    text: JSON.stringify(audit ? { ...result, audit } : result, null, 2),
                 }],
         };
     });
@@ -659,6 +814,15 @@ export function createServer(client, options) {
                 }],
         };
     });
+    server.registerTool('set_auditing', {
+        title: 'Set Audit Mode',
+        description: 'Enable or disable local audit mode for the current local tab-backed session. ' +
+            'Uses the same persisted audit toggle as the ThinkRun CLI.',
+        inputSchema: {
+            sessionId: defaultableSessionIdSchema,
+            enabled: z.boolean().describe('Whether audit mode should be enabled for this local tab'),
+        },
+    }, async (args) => handleSetAuditing(args, sid));
     // ================================================================
     // Mode switching (only registered when clientRef + onSetMode provided)
     // ================================================================
@@ -841,6 +1005,18 @@ export function createServer(client, options) {
                 .optional()
                 .describe('Mouse button (default: left)'),
             clickCount: z.number().optional().describe('Number of clicks (2 for double-click)'),
+            delay: z
+                .number()
+                .int()
+                .min(0)
+                .optional()
+                .describe('Delay between mouse down and up in milliseconds'),
+            timeout: z
+                .number()
+                .int()
+                .min(1)
+                .optional()
+                .describe('Command timeout in milliseconds'),
             captureHtml: z.boolean().optional().describe('Capture page HTML after click'),
         },
     }, async (args) => {
@@ -853,6 +1029,42 @@ export function createServer(client, options) {
                 }],
         };
     });
+    server.registerTool('click_at', {
+        title: 'Click At Coordinates',
+        description: 'Click at viewport-relative CSS pixel coordinates. Local mode only. ' +
+            'Use this when semantic element targeting is unavailable and you need a precise coordinate click.',
+        inputSchema: {
+            sessionId: defaultableSessionIdSchema,
+            x: z.number().int().describe('Viewport-relative X coordinate in CSS pixels'),
+            y: z.number().int().describe('Viewport-relative Y coordinate in CSS pixels'),
+            thought: z.string().optional().describe('Why you are clicking at these coordinates'),
+            button: z
+                .enum(['left', 'right', 'middle'])
+                .optional()
+                .describe('Mouse button (default: left)'),
+            delay: z
+                .number()
+                .int()
+                .min(0)
+                .optional()
+                .describe('Delay between mouse down and up in milliseconds'),
+            timeout: z
+                .number()
+                .int()
+                .min(1)
+                .optional()
+                .describe('Command timeout in milliseconds'),
+        },
+    }, async (args) => {
+        const { sessionId: _sid, ...params } = args;
+        const result = await c().clickAt(sid(args), params);
+        return {
+            content: [{
+                    type: 'text',
+                    text: JSON.stringify(result, null, 2),
+                }],
+        };
+    });
     server.registerTool('type_text', {
         title: 'Type Text',
         description: 'Type text into an element (appends to existing text, triggers key events). ' +
@@ -861,6 +1073,12 @@ export function createServer(client, options) {
             sessionId: defaultableSessionIdSchema,
             selector: cssSelector.describe('CSS selector of the input element'),
             text: z.string().describe('Text to type'),
+            delay: z
+                .number()
+                .int()
+                .min(0)
+                .optional()
+                .describe('Delay between typed characters in milliseconds'),
             thought: z.string().optional().describe('Why you are typing this'),
         },
     }, async (args) => {
@@ -917,12 +1135,28 @@ export function createServer(client, options) {
         inputSchema: {
             sessionId: defaultableSessionIdSchema,
             selector: cssSelector.optional().describe('CSS selector to scroll within (default: page)'),
+            to: cssSelector.optional().describe('CLI-style alias: scroll this element into view'),
+            direction: z
+                .enum(['up', 'down'])
+                .optional()
+                .describe('CLI-style vertical scroll direction (use with amount)'),
+            amount: z
+                .number()
+                .int()
+                .positive()
+                .optional()
+                .describe('CLI-style vertical scroll distance in pixels (default: 500 when direction is set)'),
             x: z.number().optional().describe('Horizontal scroll pixels'),
             y: z.number().optional().describe('Vertical scroll pixels (positive = down)'),
             thought: z.string().optional().describe('Why you are scrolling'),
         },
     }, async (args) => {
-        const { sessionId: _sid, ...params } = args;
+        const { sessionId: _sid, to, direction, amount, ...rest } = args;
+        const params = {
+            ...rest,
+            selector: rest.selector ?? to,
+            y: direction ? ((direction === 'up' ? -1 : 1) * (amount ?? 500)) : rest.y,
+        };
         const result = await c().scroll(sid(args), params);
         return {
             content: [{
@@ -999,7 +1233,7 @@ export function createServer(client, options) {
     });
     server.registerTool('screenshot', {
         title: 'Take Screenshot',
-        description: 'Capture a screenshot of the current page. Returns a base64-encoded image. ' +
+        description: 'Capture a screenshot of the current page. Returns an image plus any available artifact metadata. ' +
             'Use fullPage to capture the entire scrollable page.',
         inputSchema: {
             sessionId: defaultableSessionIdSchema,
@@ -1008,6 +1242,9 @@ export function createServer(client, options) {
                 .optional()
                 .describe('Image format (default: png)'),
             fullPage: z.boolean().optional().describe('Capture full scrollable page'),
+            selector: cssSelector
+                .optional()
+                .describe('Capture a specific element by CSS selector (mutually exclusive with fullPage)'),
             quality: z
                 .number()
                 .min(0)
@@ -1025,12 +1262,32 @@ export function createServer(client, options) {
         const { sessionId: _sid, ...params } = args;
         const result = await c().screenshot(sid(args), params);
         if (result.screenshot) {
+            const format = result.format || params.type || 'png';
+            const mimeType = result.mimeType || `image/${format}`;
+            const metadata = {
+                artifactId: result.artifactId,
+                url: result.url ?? result.publicUrl,
+                format: result.format,
+                size: result.size,
+                warning: result.warning,
+            };
+            const metadataText = Object.values(metadata).some((value) => value !== undefined)
+                ? JSON.stringify(metadata, null, 2)
+                : null;
             return {
-                content: [{
+                content: [
+                    {
                         type: 'image',
                         data: result.screenshot,
-                        mimeType: `image/${params.type || 'png'}`,
-                    }],
+                        mimeType,
+                    },
+                    ...(metadataText
+                        ? [{
+                                type: 'text',
+                                text: metadataText,
+                            }]
+                        : []),
+                ],
             };
         }
         return {
@@ -1048,16 +1305,32 @@ export function createServer(client, options) {
         inputSchema: {
             sessionId: defaultableSessionIdSchema,
             type: z
-                .enum(['text', 'html', 'dom', 'evaluate'])
+                .enum(['text', 'html', 'dom', 'evaluate', 'attribute'])
                 .optional()
                 .describe('Extraction type (default: text)'),
+            format: z
+                .enum(['text', 'json', 'html'])
+                .optional()
+                .describe('CLI-style alias for output mode. "json" keeps structured extraction results.'),
             selector: cssSelector.optional().describe('CSS selector to scope extraction'),
             script: z.string().optional().describe('JavaScript expression (when type=evaluate)'),
             attribute: z.string().optional().describe('HTML attribute to extract'),
+            attr: z.string().optional().describe('CLI-style alias for attribute extraction'),
             multiple: z.boolean().optional().describe('Extract from all matching elements'),
+            all: z.boolean().optional().describe('CLI-style alias for multiple extraction'),
         },
     }, async (args) => {
-        const { sessionId: _sid, ...params } = args;
+        const { sessionId: _sid, format, attr, all, ...rest } = args;
+        const attribute = rest.attribute ?? attr;
+        const multiple = rest.multiple ?? all;
+        const type = rest.type
+            ?? (attribute ? 'attribute' : format === 'html' ? 'html' : format === 'json' ? 'text' : 'text');
+        const params = {
+            ...rest,
+            type,
+            attribute,
+            multiple,
+        };
         const result = await c().extract(sid(args), params);
         const extracted = result.text || result.html
             || (result.data != null ? JSON.stringify(result.data, null, 2) : null);
@@ -1074,9 +1347,15 @@ export function createServer(client, options) {
         inputSchema: {
             sessionId: defaultableSessionIdSchema,
             script: z.string().describe('JavaScript code to execute in the page'),
+            timeout: z
+                .number()
+                .int()
+                .min(1)
+                .optional()
+                .describe('Command timeout in milliseconds'),
         },
     }, async (args) => {
-        const result = await c().evaluate(sid(args), { script: args.script });
+        const result = await c().evaluate(sid(args), { script: args.script, timeout: args.timeout });
         let text;
         if (result.error) {
             text = result.error;