@thinkrun/mcp 0.3.6 → 0.3.8

package/dist/src/server.js

@@ -5,7 +5,12 @@
  * script injection attempts. The server-side also applies JSON.stringify()
  * escaping when embedding selectors in error messages (defense-in-depth).
  */
+import { existsSync, readFileSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
 import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { readTabAuditState, resolveTabAuditState, writeTabAuditState, } from '@thinkrun/shared/audit-state';
+import { patchLocalAuditState } from '@thinkrun/shared/local-audit-sync';
 import { z } from 'zod';
 /** Zod schema for CSS selectors — rejects obvious script injection patterns. */
 const cssSelector = z
@@ -59,6 +64,75 @@ export const MAX_GET_HTML_CHARS = 200_000;
 export const MAX_SLEEP_MS = 30_000;
 const LOCAL_TOOL_ENRICH_TIMEOUT_MS = 300;
 const LOCAL_TOOL_ENRICH_BRIDGE_TIMEOUT_MS = 150;
+function getThinkrunLockDir() {
+    // Keep this fallback sequence aligned with packages/shared/src/audit-state.js#getLockDir.
+    const configuredDir = process.env.THINKRUN_LOCK_DIR ?? process.env.THINKBROWSE_LOCK_DIR;
+    if (configuredDir)
+        return configuredDir;
+    const thinkrunDir = join(homedir(), '.thinkrun');
+    const thinkbrowseDir = join(homedir(), '.thinkbrowse');
+    if (!existsSync(thinkrunDir) && existsSync(thinkbrowseDir)) {
+        return thinkbrowseDir;
+    }
+    return thinkrunDir;
+}
+function getCliSessionFilePath(tabId) {
+    const safeTabId = tabId.replace(/[^a-zA-Z0-9_-]/g, '_') || 'unknown';
+    return join(getThinkrunLockDir(), `local-session-${safeTabId}.json`);
+}
+function readPersistedCliSessionId(tabId) {
+    try {
+        const filePath = getCliSessionFilePath(tabId);
+        if (!existsSync(filePath))
+            return undefined;
+        const parsed = JSON.parse(readFileSync(filePath, 'utf-8'));
+        return typeof parsed.sessionId === 'string' && parsed.sessionId.length > 0
+            ? parsed.sessionId
+            : undefined;
+    }
+    catch {
+        return undefined;
+    }
+}
+function getThinkrunApiCredentials() {
+    const envApiKey = process.env.THINKRUN_API_KEY?.trim();
+    const envApiUrl = process.env.THINKRUN_BASE_URL?.trim();
+    if (envApiKey) {
+        const apiUrl = envApiUrl || 'https://api.thinkrun.ai';
+        return apiUrl.startsWith('https://') ? { apiKey: envApiKey, apiUrl } : null;
+    }
+    const configPaths = [
+        join(process.env.THINKRUN_CONFIG_DIR || join(homedir(), '.config', 'thinkrun'), 'config.json'),
+        join(homedir(), '.config', 'thinkbrowse', 'config.json'),
+    ];
+    for (const configPath of configPaths) {
+        try {
+            if (!existsSync(configPath))
+                continue;
+            const parsed = JSON.parse(readFileSync(configPath, 'utf-8'));
+            const apiKey = typeof parsed.apiKey === 'string' ? parsed.apiKey.trim() : '';
+            if (!apiKey)
+                continue;
+            const apiUrl = typeof parsed.apiUrl === 'string' && parsed.apiUrl.trim()
+                ? parsed.apiUrl.trim()
+                : 'https://api.thinkrun.ai';
+            if (!apiUrl.startsWith('https://'))
+                return null;
+            return { apiKey, apiUrl };
+        }
+        catch {
+            // best-effort lookup only
+        }
+    }
+    return null;
+}
+function syncPersistedCliAuditState(sessionId, enabled, updatedAt, fetchFn = globalThis.fetch) {
+    const creds = getThinkrunApiCredentials();
+    if (!creds)
+        return Promise.resolve(false);
+    const { apiKey, apiUrl } = creds;
+    return patchLocalAuditState({ sessionId, enabled, updatedAt, apiKey, apiUrl, fetchFn });
+}
 function withTimeout(promise, timeoutMs, label) {
     let timer;
     const timeout = new Promise((_, reject) => {
@@ -251,6 +325,7 @@ export async function handleWindowNew(client, args, defaultSessionRef) {
 // Anchored to prevent false positives on cloud session IDs that end in digits
 // (e.g. `remote-session-42` would match the unanchored form and produce a tab ID).
 const LOCAL_SESSION_TAB_ID_RE = /^local-(\d+)$/;
+const EXTENSION_PROXY_SESSION_TAB_ID_RE = /^ext-proxy-(\d+)$/;
 function extractLocalTabIdFromSessionId(sessionId) {
     // Local MCP session IDs are expected to end in the underlying tab ID.
     // `focus` depends on this convention to foreground the bound local tab
@@ -261,6 +336,84 @@ function extractLocalTabIdFromSessionId(sessionId) {
     const parsed = Number(match[1]);
     return Number.isInteger(parsed) && parsed > 0 ? parsed : undefined;
 }
+function extractAuditableTabIdFromSessionId(sessionId) {
+    const localMatch = sessionId.match(LOCAL_SESSION_TAB_ID_RE);
+    if (localMatch) {
+        const parsed = Number(localMatch[1]);
+        return Number.isInteger(parsed) && parsed > 0 ? String(parsed) : undefined;
+    }
+    const extensionProxyMatch = sessionId.match(EXTENSION_PROXY_SESSION_TAB_ID_RE);
+    if (extensionProxyMatch) {
+        const parsed = Number(extensionProxyMatch[1]);
+        return Number.isInteger(parsed) && parsed > 0 ? String(parsed) : undefined;
+    }
+    return undefined;
+}
+function buildSessionAuditPayload(sessionId) {
+    const tabId = extractAuditableTabIdFromSessionId(sessionId);
+    if (!tabId)
+        return undefined;
+    const resolved = resolveTabAuditState({ tabId });
+    const stored = readTabAuditState(tabId);
+    return {
+        tabId,
+        enabled: resolved.enabled,
+        source: resolved.source,
+        storedEnabled: stored?.enabled,
+        storedUpdatedAt: stored?.updatedAt,
+    };
+}
+export async function handleSetAuditing(args, sidResolver) {
+    try {
+        const sessionId = sidResolver(args);
+        const tabId = extractAuditableTabIdFromSessionId(sessionId);
+        if (!tabId) {
+            return {
+                content: [{
+                        type: 'text',
+                        text: JSON.stringify({
+                            success: false,
+                            error: `Session ${sessionId} is not backed by a local tab`,
+                        }, null, 2),
+                    }],
+                isError: true,
+            };
+        }
+        const stored = writeTabAuditState(tabId, args.enabled, undefined, { explicit: true });
+        const persistedCliSessionId = readPersistedCliSessionId(tabId);
+        if (persistedCliSessionId) {
+            syncPersistedCliAuditState(persistedCliSessionId, args.enabled, stored.updatedAt).catch(() => {
+                console.error('[thinkrun-mcp] set_auditing backend sync failed');
+            });
+        }
+        const resolved = resolveTabAuditState({ tabId });
+        return {
+            content: [{
+                    type: 'text',
+                    text: JSON.stringify({
+                        success: true,
+                        sessionId,
+                        tabId,
+                        enabled: resolved.enabled,
+                        source: resolved.source,
+                        storedEnabled: stored.enabled,
+                        storedUpdatedAt: stored.updatedAt,
+                    }, null, 2),
+                }],
+            isError: false,
+        };
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        return {
+            content: [{
+                    type: 'text',
+                    text: JSON.stringify({ success: false, error: message }, null, 2),
+                }],
+            isError: true,
+        };
+    }
+}
 export async function handleTabFocus(client, args, sidResolver, defaultSessionRef) {
     try {
         const sessionId = sidResolver(args);
@@ -475,10 +628,6 @@ export function createServer(client, options) {
     // The swap is not atomic with in-flight tool calls. MCP stdio uses sequential request/response,
     // so concurrent calls are not expected, but future transports may allow pipelining.
     const c = clientRef ? () => clientRef.current : () => client;
-    const selectorScreenshotSupport = options?.selectorScreenshotSupport ?? (() => {
-        const active = c();
-        return active.capabilities?.selectorScreenshots !== false;
-    });
     const requiredSessionIdSchema = z.string().describe('The session ID');
     const defaultableSessionIdSchema = z.string().optional().describe('The session ID (auto-injected if omitted when a default session exists)');
     /** Resolve session ID: use provided value, then ref, then initial default. */
@@ -539,11 +688,13 @@ export function createServer(client, options) {
             sessionId: defaultableSessionIdSchema,
         },
     }, async (args) => {
-        const result = await c().getSession(sid(args));
+        const sessionId = sid(args);
+        const result = await c().getSession(sessionId);
+        const audit = buildSessionAuditPayload(sessionId);
         return {
             content: [{
                     type: 'text',
-                    text: JSON.stringify(result, null, 2),
+                    text: JSON.stringify(audit ? { ...result, audit } : result, null, 2),
                 }],
         };
     });
@@ -663,6 +814,15 @@ export function createServer(client, options) {
                 }],
         };
     });
+    server.registerTool('set_auditing', {
+        title: 'Set Audit Mode',
+        description: 'Enable or disable local audit mode for the current local tab-backed session. ' +
+            'Uses the same persisted audit toggle as the ThinkRun CLI.',
+        inputSchema: {
+            sessionId: defaultableSessionIdSchema,
+            enabled: z.boolean().describe('Whether audit mode should be enabled for this local tab'),
+        },
+    }, async (args) => handleSetAuditing(args, sid));
     // ================================================================
     // Mode switching (only registered when clientRef + onSetMode provided)
     // ================================================================
@@ -845,6 +1005,18 @@ export function createServer(client, options) {
                 .optional()
                 .describe('Mouse button (default: left)'),
             clickCount: z.number().optional().describe('Number of clicks (2 for double-click)'),
+            delay: z
+                .number()
+                .int()
+                .min(0)
+                .optional()
+                .describe('Delay between mouse down and up in milliseconds'),
+            timeout: z
+                .number()
+                .int()
+                .min(1)
+                .optional()
+                .describe('Command timeout in milliseconds'),
             captureHtml: z.boolean().optional().describe('Capture page HTML after click'),
         },
     }, async (args) => {
@@ -857,6 +1029,42 @@ export function createServer(client, options) {
                 }],
         };
     });
+    server.registerTool('click_at', {
+        title: 'Click At Coordinates',
+        description: 'Click at viewport-relative CSS pixel coordinates. Local mode only. ' +
+            'Use this when semantic element targeting is unavailable and you need a precise coordinate click.',
+        inputSchema: {
+            sessionId: defaultableSessionIdSchema,
+            x: z.number().int().describe('Viewport-relative X coordinate in CSS pixels'),
+            y: z.number().int().describe('Viewport-relative Y coordinate in CSS pixels'),
+            thought: z.string().optional().describe('Why you are clicking at these coordinates'),
+            button: z
+                .enum(['left', 'right', 'middle'])
+                .optional()
+                .describe('Mouse button (default: left)'),
+            delay: z
+                .number()
+                .int()
+                .min(0)
+                .optional()
+                .describe('Delay between mouse down and up in milliseconds'),
+            timeout: z
+                .number()
+                .int()
+                .min(1)
+                .optional()
+                .describe('Command timeout in milliseconds'),
+        },
+    }, async (args) => {
+        const { sessionId: _sid, ...params } = args;
+        const result = await c().clickAt(sid(args), params);
+        return {
+            content: [{
+                    type: 'text',
+                    text: JSON.stringify(result, null, 2),
+                }],
+        };
+    });
     server.registerTool('type_text', {
         title: 'Type Text',
         description: 'Type text into an element (appends to existing text, triggers key events). ' +
@@ -865,6 +1073,12 @@ export function createServer(client, options) {
             sessionId: defaultableSessionIdSchema,
             selector: cssSelector.describe('CSS selector of the input element'),
             text: z.string().describe('Text to type'),
+            delay: z
+                .number()
+                .int()
+                .min(0)
+                .optional()
+                .describe('Delay between typed characters in milliseconds'),
             thought: z.string().optional().describe('Why you are typing this'),
         },
     }, async (args) => {
@@ -921,12 +1135,28 @@ export function createServer(client, options) {
         inputSchema: {
             sessionId: defaultableSessionIdSchema,
             selector: cssSelector.optional().describe('CSS selector to scroll within (default: page)'),
+            to: cssSelector.optional().describe('CLI-style alias: scroll this element into view'),
+            direction: z
+                .enum(['up', 'down'])
+                .optional()
+                .describe('CLI-style vertical scroll direction (use with amount)'),
+            amount: z
+                .number()
+                .int()
+                .positive()
+                .optional()
+                .describe('CLI-style vertical scroll distance in pixels (default: 500 when direction is set)'),
             x: z.number().optional().describe('Horizontal scroll pixels'),
             y: z.number().optional().describe('Vertical scroll pixels (positive = down)'),
             thought: z.string().optional().describe('Why you are scrolling'),
         },
     }, async (args) => {
-        const { sessionId: _sid, ...params } = args;
+        const { sessionId: _sid, to, direction, amount, ...rest } = args;
+        const params = {
+            ...rest,
+            selector: rest.selector ?? to,
+            y: direction ? ((direction === 'up' ? -1 : 1) * (amount ?? 500)) : rest.y,
+        };
         const result = await c().scroll(sid(args), params);
         return {
             content: [{
@@ -1003,16 +1233,18 @@ export function createServer(client, options) {
     });
     server.registerTool('screenshot', {
         title: 'Take Screenshot',
-        description: 'Capture a screenshot of the current page. Returns a base64-encoded image. ' +
+        description: 'Capture a screenshot of the current page. Returns an image plus any available artifact metadata. ' +
             'Use fullPage to capture the entire scrollable page.',
         inputSchema: {
             sessionId: defaultableSessionIdSchema,
-            selector: cssSelector.optional().describe('Optional CSS selector to capture a single element instead of the full viewport'),
             type: z
                 .enum(['png', 'jpeg', 'webp'])
                 .optional()
                 .describe('Image format (default: png)'),
             fullPage: z.boolean().optional().describe('Capture full scrollable page'),
+            selector: cssSelector
+                .optional()
+                .describe('Capture a specific element by CSS selector (mutually exclusive with fullPage)'),
             quality: z
                 .number()
                 .min(0)
@@ -1028,67 +1260,34 @@ export function createServer(client, options) {
         },
     }, async (args) => {
         const { sessionId: _sid, ...params } = args;
-        const activeClient = c();
-        if (params.selector && !selectorScreenshotSupport()) {
-            return {
-                content: [{
-                        type: 'text',
-                        text: JSON.stringify({
-                            success: false,
-                            error: 'Selector screenshots are currently unsupported in cloud mode. Use a default/full-page screenshot in cloud mode, or switch to local mode for selector capture.',
-                        }, null, 2),
-                    }],
-                isError: true,
-            };
-        }
-        let result;
-        try {
-            result = await activeClient.screenshot(sid(args), params);
-        }
-        catch (error) {
-            const retryable = typeof error === 'object'
-                && error !== null
-                && 'retryable' in error
-                && error.retryable === true;
-            return {
-                content: [{
-                        type: 'text',
-                        text: JSON.stringify({
-                            success: false,
-                            error: error instanceof Error ? error.message : String(error),
-                            retryable,
-                        }, null, 2),
-                    }],
-                isError: true,
-            };
-        }
+        const result = await c().screenshot(sid(args), params);
         if (result.screenshot) {
-            const metadata = {};
-            if (result.artifactId)
-                metadata.artifactId = result.artifactId;
-            if (result.url)
-                metadata.url = result.url;
-            if (result.format)
-                metadata.format = result.format;
-            if (typeof result.size === 'number')
-                metadata.size = result.size;
-            if (result.warning)
-                metadata.warning = result.warning;
+            const format = result.format || params.type || 'png';
+            const mimeType = result.mimeType || `image/${format}`;
+            const metadata = {
+                artifactId: result.artifactId,
+                url: result.url ?? result.publicUrl,
+                format: result.format,
+                size: result.size,
+                warning: result.warning,
+            };
+            const metadataText = Object.values(metadata).some((value) => value !== undefined)
+                ? JSON.stringify(metadata, null, 2)
+                : null;
             return {
                 content: [
                     {
                         type: 'image',
                         data: result.screenshot,
-                        mimeType: result.mimeType || `image/${params.type || 'png'}`,
+                        mimeType,
                     },
-                    ...(Object.keys(metadata).length > 0
+                    ...(metadataText
                         ? [{
                                 type: 'text',
-                                text: JSON.stringify(metadata, null, 2),
+                                text: metadataText,
                             }]
                         : []),
                 ],
-                isError: false,
             };
         }
         return {
@@ -1106,16 +1305,32 @@ export function createServer(client, options) {
         inputSchema: {
             sessionId: defaultableSessionIdSchema,
             type: z
-                .enum(['text', 'html', 'dom', 'evaluate'])
+                .enum(['text', 'html', 'dom', 'evaluate', 'attribute'])
                 .optional()
                 .describe('Extraction type (default: text)'),
+            format: z
+                .enum(['text', 'json', 'html'])
+                .optional()
+                .describe('CLI-style alias for output mode. "json" keeps structured extraction results.'),
             selector: cssSelector.optional().describe('CSS selector to scope extraction'),
             script: z.string().optional().describe('JavaScript expression (when type=evaluate)'),
             attribute: z.string().optional().describe('HTML attribute to extract'),
+            attr: z.string().optional().describe('CLI-style alias for attribute extraction'),
             multiple: z.boolean().optional().describe('Extract from all matching elements'),
+            all: z.boolean().optional().describe('CLI-style alias for multiple extraction'),
         },
     }, async (args) => {
-        const { sessionId: _sid, ...params } = args;
+        const { sessionId: _sid, format, attr, all, ...rest } = args;
+        const attribute = rest.attribute ?? attr;
+        const multiple = rest.multiple ?? all;
+        const type = rest.type
+            ?? (attribute ? 'attribute' : format === 'html' ? 'html' : format === 'json' ? 'text' : 'text');
+        const params = {
+            ...rest,
+            type,
+            attribute,
+            multiple,
+        };
         const result = await c().extract(sid(args), params);
         const extracted = result.text || result.html
             || (result.data != null ? JSON.stringify(result.data, null, 2) : null);
@@ -1132,9 +1347,15 @@ export function createServer(client, options) {
         inputSchema: {
             sessionId: defaultableSessionIdSchema,
             script: z.string().describe('JavaScript code to execute in the page'),
+            timeout: z
+                .number()
+                .int()
+                .min(1)
+                .optional()
+                .describe('Command timeout in milliseconds'),
         },
     }, async (args) => {
-        const result = await c().evaluate(sid(args), { script: args.script });
+        const result = await c().evaluate(sid(args), { script: args.script, timeout: args.timeout });
         let text;
         if (result.error) {
             text = result.error;