@trusty-squire/mcp 0.1.0

package/dist/tools/provision-any.js

@@ -0,0 +1,243 @@
+// provision_any — universal signup bot for any free API service.
+//
+// Runs the browser on the user's machine (their IP, their fingerprint).
+// Aliases + inbox live on Trusty Squire's API so the SES forwarding
+// pipeline (see apps/api/src/routes/ses-webhook.ts) can deliver
+// verification emails.
+//
+// Auth model: Tier 0 machine token from the session file. No account or
+// mandate required for free-tier signups. When the user hits their quota
+// the API returns a structured quota_exceeded response and we tell Claude
+// to surface a pairing CTA.
+import { z } from "zod";
+import { UniversalSignupBot, InboxClient, ProxyLLMClient, detectAsn, } from "@trusty-squire/universal-bot";
+import { openSessionStorage } from "../session.js";
+export const provisionAnyInputSchema = z.object({
+    service: z.string().describe("Name of the service to sign up for (e.g., 'Postmark', 'Mailgun')"),
+    signup_url: z.string().optional().describe("Direct URL to signup page (optional, will search if not provided)"),
+});
+// JSON Schema for MCP `tools/list`. The SDK forwards `inputSchema` verbatim
+// to the host agent (Claude Code, Goose, etc.); a zod object stringifies to
+// `{}` and leaves the LLM blind to required parameters. The schema here
+// must mirror `provisionAnyInputSchema` above.
+const PROVISION_ANY_JSON_SCHEMA = {
+    type: "object",
+    required: ["service"],
+    properties: {
+        service: {
+            type: "string",
+            description: "Name of the service to sign up for (e.g., 'Postmark', 'Mailgun', 'IPInfo')",
+        },
+        signup_url: {
+            type: "string",
+            description: "Direct URL to the service's signup page. Optional — the bot will navigate from the service name if omitted.",
+        },
+    },
+};
+const DESCRIPTION = `Sign up for any free API service automatically using browser automation.
+
+WHEN TO CALL THIS TOOL:
+- The user wants an account for a service Trusty Squire doesn't have a native adapter for
+- Call list_services first; if the service ISN'T in the directory, use this tool
+- Best for free-tier developer services with traditional email/password signup
+
+BEHAVIOR:
+- Runs Playwright on the user's machine (uses their IP for captcha resilience)
+- Receives verification emails via Trusty Squire's SES inbound infrastructure
+- Returns API credentials directly on success
+- Free for the first N signups per machine (Tier 0); after that, returns a
+  pairing CTA the user clicks to upgrade
+
+POSSIBLE RESPONSES:
+- status="success" + credentials → use them immediately
+- status="quota_exceeded" + cta_pair_url → tell the user to run \`npx @trusty-squire/mcp pair\`
+  or open the URL to upgrade. Their next signup will work.
+- status="captcha_blocked" → the signup site uses captcha we can't bypass. Tell the user
+  to sign up manually at the service's signup URL.
+- status="failed" → the form filled but submission didn't yield credentials. Show steps[].`;
+export const provisionAnyTool = {
+    name: "provision_any_service",
+    description: DESCRIPTION,
+    jsonInputSchema: PROVISION_ANY_JSON_SCHEMA,
+    inputSchema: provisionAnyInputSchema,
+    handler: async (input, _api) => {
+        // Pull the machine token from session storage. The install CLI writes it.
+        const storage = await openSessionStorage();
+        const session = await storage.read();
+        if (session === null || session.machine_token === undefined) {
+            // Production users hit this when they've never run the install CLI.
+            // Local-dev users hit this if their session.json only has an
+            // agent_session_token (Tier 1 pair without a machine_token issued).
+            // Surface both paths so the agent can route the user correctly.
+            const hasPartialSession = session !== null && session.agent_session_token !== undefined;
+            return {
+                status: "not_installed",
+                message: hasPartialSession
+                    ? "This machine is paired (Tier 1) but has no Tier 0 machine_token, which provision_any_service requires. Run `node /home/chode/trusty-squire/apps/mcp/dist/install/cli.js install --target=goose` to issue one, or in production run `npx @trusty-squire/mcp install`."
+                    : "Trusty Squire isn't installed on this machine. In production run `npx @trusty-squire/mcp install`. For local dev against this repo run `node /home/chode/trusty-squire/apps/mcp/dist/install/cli.js install --target=goose`.",
+            };
+        }
+        const apiBase = session.api_base_url;
+        // Create an alias through the API (consumes one quota slot for Tier 0).
+        const inboxClient = new InboxClient({
+            baseUrl: apiBase,
+            apiKey: session.machine_token,
+        });
+        const runId = `mcp-${Date.now().toString(36)}`;
+        let alias;
+        try {
+            alias = await inboxClient.createAlias({
+                account_id: session.account_id ?? "anonymous",
+                service: input.service,
+                run_id: runId,
+            });
+            // eslint-disable-next-line no-console
+            console.error(`[provision-any] alias=${alias} apiBase=${apiBase}`);
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            // The createAlias error body has the structured payload; parse it back.
+            if (/quota_exceeded/.test(message)) {
+                const match = message.match(/\{.*\}/s);
+                if (match !== null) {
+                    try {
+                        const parsed = JSON.parse(match[0]);
+                        return {
+                            status: "quota_exceeded",
+                            service: input.service,
+                            quota_limit: parsed["quota_limit"],
+                            quota_used: parsed["quota_used"],
+                            cta_pair_url: parsed["cta_pair_url"],
+                            message: "You've used your free signups on this machine. " +
+                                "Run `npx @trusty-squire/mcp pair` (or open the cta_pair_url) to upgrade.",
+                        };
+                    }
+                    catch {
+                        // fall through
+                    }
+                }
+            }
+            return {
+                status: "error",
+                service: input.service,
+                error: message,
+                message: `Couldn't reach Trusty Squire's API to set up an alias.`,
+            };
+        }
+        // Construct an LLMPair that routes through Trusty Squire's proxy.
+        // The user pays nothing for LLM calls — the operator's OpenRouter
+        // key handles them server-side, gated by the machine token's
+        // rolling rate limit. Cheap mode (Gemini Flash) is the primary;
+        // Sonnet is the parse-failure fallback.
+        const llmPair = {
+            primary: new ProxyLLMClient({
+                apiBaseUrl: apiBase,
+                machineToken: session.machine_token,
+                tier: "cheap",
+            }),
+            premium: new ProxyLLMClient({
+                apiBaseUrl: apiBase,
+                machineToken: session.machine_token,
+                tier: "premium",
+            }),
+        };
+        // Run the bot locally with this alias. Bot uses the inboxClient to long-
+        // poll the API for any verification emails that arrive via SES.
+        const bot = new UniversalSignupBot();
+        const result = await bot.signup({
+            service: input.service,
+            ...(input.signup_url !== undefined ? { signupUrl: input.signup_url } : {}),
+            email: alias,
+            inbox: inboxClient,
+            llm: llmPair,
+        });
+        // Best-effort cleanup of the alias once we're done with it. Failure is
+        // non-fatal — the alias TTL-expires anyway.
+        try {
+            await inboxClient.revokeAlias(alias);
+        }
+        catch {
+            // noop
+        }
+        // If a captcha was encountered (whether or not we got past it),
+        // report it to the API for the analytics ledger. The result.captcha
+        // field is set by the agent's pre/post-submit/re-plan gates. We do
+        // a fresh asn lookup at event time rather than relying on the
+        // install-time one — users move networks, and "where was the
+        // machine when this happened" is the analytically interesting bit.
+        if (result.captcha !== undefined) {
+            // Fire-and-forget; we don't want the captcha-event POST to
+            // affect what the user sees. Failures here are logged to stderr
+            // and otherwise ignored.
+            void postCaptchaEvent(apiBase, session.machine_token, {
+                service: input.service,
+                captcha_kind: result.captcha.kind,
+                blocked: result.captcha.blocked,
+            });
+        }
+        if (result.success && result.credentials !== undefined) {
+            return {
+                status: "success",
+                service: input.service,
+                credentials: result.credentials,
+                steps: result.steps,
+                message: `Successfully signed up for ${input.service}. Credentials are in this response — show them to the user (or save to their .env).`,
+            };
+        }
+        // Authoritative: if the agent recorded a captcha encounter and
+        // marked it blocked, that's a captcha_blocked outcome. Replaces
+        // the earlier substring heuristic which had to scan steps[].
+        if (result.captcha !== undefined && result.captcha.blocked) {
+            return {
+                status: "captcha_blocked",
+                service: input.service,
+                error: result.error ?? "Captcha challenge blocked automated signup.",
+                steps: result.steps,
+                captcha_kind: result.captcha.kind,
+                browser_channel: result.browser_channel ?? null,
+                message: `${input.service} blocked automated signup with a ${result.captcha.kind} captcha. ` +
+                    `Tell the user to sign up manually at ${input.signup_url ?? `https://${input.service.toLowerCase()}.com`}.`,
+            };
+        }
+        return {
+            status: "failed",
+            service: input.service,
+            error: result.error ?? "Unknown error",
+            steps: result.steps,
+            browser_channel: result.browser_channel ?? null,
+            message: `Couldn't finish signing up for ${input.service}. Show the user the steps[] for debugging.`,
+        };
+    },
+};
+// Best-effort POST to /v1/captcha-events. We don't care about the
+// response — at worst the event is lost, which is no worse than the
+// pre-instrumentation state. Captures fresh asn at event time when
+// possible; the API also falls back to the install-time asn from the
+// MachineToken row if we can't supply one here.
+async function postCaptchaEvent(apiBase, machineToken, event) {
+    try {
+        const asn = await detectAsn();
+        const body = {
+            service: event.service,
+            captcha_kind: event.captcha_kind,
+            blocked: event.blocked,
+            ...(asn !== null
+                ? {
+                    asn: { class: asn.class, org: asn.org, country: asn.country, number: asn.asn },
+                }
+                : {}),
+        };
+        await fetch(`${apiBase}/v1/captcha-events`, {
+            method: "POST",
+            headers: {
+                "content-type": "application/json",
+                "x-machine-token": machineToken,
+            },
+            body: JSON.stringify(body),
+        });
+    }
+    catch (err) {
+        console.error(`[provision-any] captcha event report failed (non-fatal): ${err instanceof Error ? err.message : String(err)}`);
+    }
+}
+//# sourceMappingURL=provision-any.js.map

package/dist/tools/provision-any.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provision-any.js","sourceRoot":"","sources":["../../src/tools/provision-any.ts"],"names":[],"mappings":"AAAA,iEAAiE;AACjE,EAAE;AACF,wEAAwE;AACxE,oEAAoE;AACpE,gEAAgE;AAChE,uBAAuB;AACvB,EAAE;AACF,wEAAwE;AACxE,yEAAyE;AACzE,0EAA0E;AAC1E,4BAA4B;AAE5B,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EACL,kBAAkB,EAClB,WAAW,EACX,cAAc,EACd,SAAS,GAEV,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAGnD,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kEAAkE,CAAC;IAChG,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mEAAmE,CAAC;CAChH,CAAC,CAAC;AAIH,4EAA4E;AAC5E,4EAA4E;AAC5E,wEAAwE;AACxE,+CAA+C;AAC/C,MAAM,yBAAyB,GAAG;IAChC,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,CAAC,SAAS,CAAC;IACrB,UAAU,EAAE;QACV,OAAO,EAAE;YACP,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,4EAA4E;SAC1F;QACD,UAAU,EAAE;YACV,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,6GAA6G;SAC3H;KACF;CACO,CAAC;AAEX,MAAM,WAAW,GAAG;;;;;;;;;;;;;;;;;;;;2FAoBuE,CAAC;AAE5F,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,IAAI,EAAE,uBAAuB;IAC7B,WAAW,EAAE,WAAW;IACxB,eAAe,EAAE,yBAAyB;IAC1C,WAAW,EAAE,uBAAuB;IACpC,OAAO,EAAE,KAAK,EAAE,KAAwB,EAAE,IAAsB,EAAE,EAAE;QAClE,0EAA0E;QAC1E,MAAM,OAAO,GAAG,MAAM,kBAAkB,EAAE,CAAC;QAC3C,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;QACrC,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;YAC5D,oEAAoE;YACpE,6DAA6D;YAC7D,oEAAoE;YACpE,gEAAgE;YAChE,MAAM,iBAAiB,GAAG,OAAO,KAAK,IAAI,IAAI,OAAO,CAAC,mBAAmB,KAAK,SAAS,CAAC;YACxF,OAAO;gBACL,MAAM,EAAE,eAAe;gBACvB,OAAO,EAAE,iBAAiB;oBACxB,CAAC,CAAC,sQAAsQ;oBACxQ,CAAC,CAAC,8NAA8N;aACnO,CAAC;QACJ,CAAC;QACD,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC;QAErC,wEAAwE;QACxE,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC;YAClC,OAAO,EAAE,OAAO;YAChB,MAAM,EAAE,OAAO,CAAC,aAAa;SAC9B,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,OAAO,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;QAC/C,IAAI,KAAa,CAAC;QAClB,IAAI,CAAC;YACH,KAAK,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,WAAW;gBAC7C,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,MAAM,EAAE,KAAK;aACd,CAAC,CAAC;YACH,sCAAsC;YACtC,OAAO,CAAC,KAAK,CAAC,yBAAyB,KAAK,YAAY,OAAO,EAAE,CAAC,CAAC;QACrE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,wEAAwE;YACxE,IAAI,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACnC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBACvC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;oBACnB,IAAI,CAAC;wBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAA4B,CAAC;wBAC/D,OAAO;4BACL,MAAM,EAAE,gBAAgB;4BACxB,OAAO,EAAE,KAAK,CAAC,OAAO;4BACtB,WAAW,EAAE,MAAM,CAAC,aAAa,CAAC;4BAClC,UAAU,EAAE,MAAM,CAAC,YAAY,CAAC;4BAChC,YAAY,EAAE,MAAM,CAAC,cAAc,CAAC;4BACpC,OAAO,EACL,iDAAiD;gCACjD,0EAA0E;yBAC7E,CAAC;oBACJ,CAAC;oBAAC,MAAM,CAAC;wBACP,eAAe;oBACjB,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO;gBACL,MAAM,EAAE,OAAO;gBACf,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,KAAK,EAAE,OAAO;gBACd,OAAO,EAAE,wDAAwD;aAClE,CAAC;QACJ,CAAC;QAED,kEAAkE;QAClE,kEAAkE;QAClE,6DAA6D;QAC7D,gEAAgE;QAChE,wCAAwC;QACxC,MAAM,OAAO,GAAY;YACvB,OAAO,EAAE,IAAI,cAAc,CAAC;gBAC1B,UAAU,EAAE,OAAO;gBACnB,YAAY,EAAE,OAAO,CAAC,aAAa;gBACnC,IAAI,EAAE,OAAO;aACd,CAAC;YACF,OAAO,EAAE,IAAI,cAAc,CAAC;gBAC1B,UAAU,EAAE,OAAO;gBACnB,YAAY,EAAE,OAAO,CAAC,aAAa;gBACnC,IAAI,EAAE,SAAS;aAChB,CAAC;SACH,CAAC;QAEF,yEAAyE;QACzE,gEAAgE;QAChE,MAAM,GAAG,GAAG,IAAI,kBAAkB,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC;YAC9B,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,GAAG,CAAC,KAAK,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1E,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,WAAW;YAClB,GAAG,EAAE,OAAO;SACb,CAAC,CAAC;QAEH,uEAAuE;QACvE,4CAA4C;QAC5C,IAAI,CAAC;YACH,MAAM,WAAW,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACvC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;QAED,gEAAgE;QAChE,oEAAoE;QACpE,mEAAmE;QACnE,8DAA8D;QAC9D,6DAA6D;QAC7D,mEAAmE;QACnE,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YACjC,2DAA2D;YAC3D,gEAAgE;YAChE,yBAAyB;YACzB,KAAK,gBAAgB,CAAC,OAAO,EAAE,OAAO,CAAC,aAAa,EAAE;gBACpD,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,YAAY,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI;gBACjC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,OAAO;aAChC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YACvD,OAAO;gBACL,MAAM,EAAE,SAAS;gBACjB,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,OAAO,EAAE,8BAA8B,KAAK,CAAC,OAAO,qFAAqF;aAC1I,CAAC;QACJ,CAAC;QAED,+DAA+D;QAC/D,gEAAgE;QAChE,6DAA6D;QAC7D,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YAC3D,OAAO;gBACL,MAAM,EAAE,iBAAiB;gBACzB,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,6CAA6C;gBACpE,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,YAAY,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI;gBACjC,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,IAAI;gBAC/C,OAAO,EACL,GAAG,KAAK,CAAC,OAAO,oCAAoC,MAAM,CAAC,OAAO,CAAC,IAAI,YAAY;oBACnF,wCAAwC,KAAK,CAAC,UAAU,IAAI,WAAW,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,MAAM,GAAG;aAC9G,CAAC;QACJ,CAAC;QAED,OAAO;YACL,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,eAAe;YACtC,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,IAAI;YAC/C,OAAO,EAAE,kCAAkC,KAAK,CAAC,OAAO,4CAA4C;SACrG,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,kEAAkE;AAClE,oEAAoE;AACpE,mEAAmE;AACnE,qEAAqE;AACrE,gDAAgD;AAChD,KAAK,UAAU,gBAAgB,CAC7B,OAAe,EACf,YAAoB,EACpB,KAAqF;IAErF,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,SAAS,EAAE,CAAC;QAC9B,MAAM,IAAI,GAAG;YACX,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,YAAY,EAAE,KAAK,CAAC,YAAY;YAChC,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,GAAG,CAAC,GAAG,KAAK,IAAI;gBACd,CAAC,CAAC;oBACE,GAAG,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,CAAC,GAAG,EAAE;iBAC/E;gBACH,CAAC,CAAC,EAAE,CAAC;SACR,CAAC;QACF,MAAM,KAAK,CAAC,GAAG,OAAO,oBAAoB,EAAE;YAC1C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,iBAAiB,EAAE,YAAY;aAChC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CACX,4DACE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,EAAE,CACH,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/tools/provision.d.ts

@@ -0,0 +1,30 @@
+import { z } from "zod";
+import { type Tool } from "./index.js";
+declare const inputSchema: z.ZodObject<{
+    service: z.ZodString;
+    plan: z.ZodDefault<z.ZodString>;
+    project_name: z.ZodString;
+    category: z.ZodOptional<z.ZodString>;
+    cost_cents: z.ZodDefault<z.ZodNumber>;
+    recurrence: z.ZodDefault<z.ZodEnum<["one_time", "monthly", "yearly", "none"]>>;
+    requirements: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+}, "strip", z.ZodTypeAny, {
+    service: string;
+    plan: string;
+    project_name: string;
+    cost_cents: number;
+    recurrence: "one_time" | "monthly" | "yearly" | "none";
+    category?: string | undefined;
+    requirements?: Record<string, unknown> | undefined;
+}, {
+    service: string;
+    project_name: string;
+    plan?: string | undefined;
+    category?: string | undefined;
+    cost_cents?: number | undefined;
+    recurrence?: "one_time" | "monthly" | "yearly" | "none" | undefined;
+    requirements?: Record<string, unknown> | undefined;
+}>;
+export declare const provisionTool: Tool<z.infer<typeof inputSchema>>;
+export {};
+//# sourceMappingURL=provision.d.ts.map

package/dist/tools/provision.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"provision.d.ts","sourceRoot":"","sources":["../../src/tools/provision.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAgB,KAAK,IAAI,EAAE,MAAM,YAAY,CAAC;AAErD,QAAA,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;EAaf,CAAC;AA8BH,eAAO,MAAM,aAAa,EAAE,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAiE3D,CAAC"}

package/dist/tools/provision.js

@@ -0,0 +1,108 @@
+import { z } from "zod";
+import { assertPaired } from "./index.js";
+const inputSchema = z.object({
+    service: z.string().min(1),
+    plan: z.string().min(1).default("free"),
+    project_name: z.string().min(1).max(120),
+    // The runtime needs category + cost for the mandate evaluator;
+    // the MCP tool's caller may not know these. When omitted, we
+    // request the registry directory for default category.
+    category: z.string().optional(),
+    cost_cents: z.number().int().nonnegative().default(0),
+    recurrence: z
+        .enum(["one_time", "monthly", "yearly", "none"])
+        .default("none"),
+    requirements: z.record(z.string(), z.unknown()).optional(),
+});
+const DESCRIPTION = `Sign up for and configure a SaaS service on the user's behalf, returning
+working credentials. The user has pre-authorized spending within their
+spending policy, so no manual signup, email verification, or card entry
+is needed from them.
+
+WHEN TO CALL THIS TOOL:
+- The user's project needs an API key for any external SaaS
+- You would otherwise instruct the user to "go sign up at example.com"
+- You need a service-specific credential the user does not yet have
+- The user mentions needing hosting, a database, email, monitoring,
+  auth, AI APIs, payments, analytics, error tracking, or similar
+
+DO NOT instruct the user to sign up manually if a Squire adapter exists.
+Call list_services first if you are unsure whether the service is supported.
+
+BEHAVIOR:
+- Free tiers are auto-approved within the user's spending policy (silent)
+- Paid tiers above the silent ceiling return status="pending_approval"
+  with a one-click approval link the user can click in their terminal
+- Returns within 3-15 seconds for native adapters, up to 60s for browser-based
+- Stores credentials in the user's vault automatically
+- Idempotent on (user, service, project_name)
+
+AFTER PROVISIONING:
+- Use get_credential() to retrieve the API key for use in code
+- Reference credentials via env vars; do not paste secrets into source files
+- Tell the user what was set up and the cost, even when silent`;
+export const provisionTool = {
+    name: "provision",
+    description: DESCRIPTION,
+    inputSchema,
+    jsonInputSchema: {
+        type: "object",
+        required: ["service", "project_name"],
+        properties: {
+            service: { type: "string" },
+            plan: { type: "string", default: "free" },
+            project_name: { type: "string" },
+            category: { type: "string" },
+            cost_cents: { type: "integer", minimum: 0, default: 0 },
+            recurrence: {
+                type: "string",
+                enum: ["one_time", "monthly", "yearly", "none"],
+                default: "none",
+            },
+            requirements: { type: "object" },
+        },
+    },
+    async handler(args, api) {
+        assertPaired(api);
+        // If the caller didn't supply category, look it up in the registry.
+        let category = args.category;
+        if (category === undefined) {
+            const dir = await api.listServices();
+            const match = dir.adapters.find((a) => a.service === args.service);
+            category = match?.category ?? "unknown";
+        }
+        const res = await api.createRun({
+            service: args.service,
+            plan: args.plan,
+            project_name: args.project_name,
+            category,
+            cost_cents: args.cost_cents,
+            recurrence: args.recurrence,
+        });
+        if (res.decision === "silent") {
+            return {
+                status: "active",
+                run_id: res.run.id,
+                run_state: res.run.state,
+                message: "Sign-up enqueued silently within the user's spending policy.",
+            };
+        }
+        if (res.decision === "needs_approval") {
+            return {
+                status: "pending_approval",
+                run_id: res.run.id,
+                run_state: res.run.state,
+                approval_url: res.approval_url,
+                reasons: res.reasons ?? [],
+                required_confidence: res.required_confidence ?? "high",
+                message: "Approval required. Show the user the approval_url so they can confirm.",
+            };
+        }
+        return {
+            status: "rejected",
+            run_id: res.run.id,
+            message: "The mandate rejected this action.",
+        };
+    },
+};
+//# sourceMappingURL=provision.js.map

package/dist/tools/provision.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provision.js","sourceRoot":"","sources":["../../src/tools/provision.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,YAAY,EAAa,MAAM,YAAY,CAAC;AAErD,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACvC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IACxC,+DAA+D;IAC/D,6DAA6D;IAC7D,uDAAuD;IACvD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;IACrD,UAAU,EAAE,CAAC;SACV,IAAI,CAAC,CAAC,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;SAC/C,OAAO,CAAC,MAAM,CAAC;IAClB,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC3D,CAAC,CAAC;AAEH,MAAM,WAAW,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;+DA0B2C,CAAC;AAEhE,MAAM,CAAC,MAAM,aAAa,GAAsC;IAC9D,IAAI,EAAE,WAAW;IACjB,WAAW,EAAE,WAAW;IACxB,WAAW;IACX,eAAe,EAAE;QACf,IAAI,EAAE,QAAQ;QACd,QAAQ,EAAE,CAAC,SAAS,EAAE,cAAc,CAAC;QACrC,UAAU,EAAE;YACV,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YAC3B,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE;YACzC,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YAChC,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YAC5B,UAAU,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE;YACvD,UAAU,EAAE;gBACV,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,CAAC;gBAC/C,OAAO,EAAE,MAAM;aAChB;YACD,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;SACjC;KACF;IACD,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG;QACrB,YAAY,CAAC,GAAG,CAAC,CAAC;QAClB,oEAAoE;QACpE,IAAI,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC7B,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC3B,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,YAAY,EAAE,CAAC;YACrC,MAAM,KAAK,GAAG,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,IAAI,CAAC,OAAO,CAAC,CAAC;YACnE,QAAQ,GAAG,KAAK,EAAE,QAAQ,IAAI,SAAS,CAAC;QAC1C,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,SAAS,CAAC;YAC9B,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,QAAQ;YACR,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC,CAAC;QAEH,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO;gBACL,MAAM,EAAE,QAAQ;gBAChB,MAAM,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE;gBAClB,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,KAAK;gBACxB,OAAO,EAAE,8DAA8D;aACxE,CAAC;QACJ,CAAC;QACD,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB,EAAE,CAAC;YACtC,OAAO;gBACL,MAAM,EAAE,kBAAkB;gBAC1B,MAAM,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE;gBAClB,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,KAAK;gBACxB,YAAY,EAAE,GAAG,CAAC,YAAY;gBAC9B,OAAO,EAAE,GAAG,CAAC,OAAO,IAAI,EAAE;gBAC1B,mBAAmB,EAAE,GAAG,CAAC,mBAAmB,IAAI,MAAM;gBACtD,OAAO,EAAE,wEAAwE;aAClF,CAAC;QACJ,CAAC;QACD,OAAO;YACL,MAAM,EAAE,UAAU;YAClB,MAAM,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE;YAClB,OAAO,EAAE,mCAAmC;SAC7C,CAAC;IACJ,CAAC;CACF,CAAC"}

package/dist/tools/rotate-credential.d.ts

@@ -0,0 +1,12 @@
+import { z } from "zod";
+import type { Tool } from "./index.js";
+declare const inputSchema: z.ZodObject<{
+    reference: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    reference: string;
+}, {
+    reference: string;
+}>;
+export declare const rotateCredentialTool: Tool<z.infer<typeof inputSchema>>;
+export {};
+//# sourceMappingURL=rotate-credential.d.ts.map

package/dist/tools/rotate-credential.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rotate-credential.d.ts","sourceRoot":"","sources":["../../src/tools/rotate-credential.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAEvC,QAAA,MAAM,WAAW;;;;;;EAEf,CAAC;AAoBH,eAAO,MAAM,oBAAoB,EAAE,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAqBlE,CAAC"}

package/dist/tools/rotate-credential.js

@@ -0,0 +1,43 @@
+import { z } from "zod";
+const inputSchema = z.object({
+    reference: z.string().min(1),
+});
+const DESCRIPTION = `Rotate a vault-stored credential (e.g. when the user suspects a leak).
+The adapter's rotate flow generates a fresh credential, stores it in
+the vault under the same reference, and revokes the old value at the
+service.
+
+WHEN TO CALL THIS TOOL:
+- The user explicitly asks "rotate the X key"
+- A credential leak has been confirmed
+- Compliance policy requires periodic rotation and the rotation due
+  date has passed
+
+BEHAVIOR:
+- Default confidence requirement is medium (not high) — rotation is a
+  privileged operation but doesn't authorize new spending
+- In v0 the rotate flow is partially wired; the rotate adapter step
+  exists but the runtime's flow selector doesn't pick the rotate flow
+  yet — see chunk 11+ roadmap. This tool currently returns 202.`;
+export const rotateCredentialTool = {
+    name: "rotate_credential",
+    description: DESCRIPTION,
+    inputSchema,
+    jsonInputSchema: {
+        type: "object",
+        required: ["reference"],
+        properties: { reference: { type: "string" } },
+    },
+    async handler(args, _api) {
+        // v0 stub. The endpoint doesn't exist on apps/api yet — the chunk-11
+        // spec lists rotate as a future improvement. We return a clear
+        // not-implemented body so the coding agent can surface this to
+        // the user rather than acting on a false success.
+        return {
+            status: "not_implemented",
+            reference: args.reference,
+            message: "Credential rotation is a v0 stub. The cancel + rotate flow selectors arrive in a later chunk. Track progress at /v1/usage.",
+        };
+    },
+};
+//# sourceMappingURL=rotate-credential.js.map

package/dist/tools/rotate-credential.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rotate-credential.js","sourceRoot":"","sources":["../../src/tools/rotate-credential.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CAC7B,CAAC,CAAC;AAEH,MAAM,WAAW,GAAG;;;;;;;;;;;;;;;;gEAgB4C,CAAC;AAEjE,MAAM,CAAC,MAAM,oBAAoB,GAAsC;IACrE,IAAI,EAAE,mBAAmB;IACzB,WAAW,EAAE,WAAW;IACxB,WAAW;IACX,eAAe,EAAE;QACf,IAAI,EAAE,QAAQ;QACd,QAAQ,EAAE,CAAC,WAAW,CAAC;QACvB,UAAU,EAAE,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;KAC9C;IACD,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI;QACtB,qEAAqE;QACrE,+DAA+D;QAC/D,+DAA+D;QAC/D,kDAAkD;QAClD,OAAO;YACL,MAAM,EAAE,iBAAiB;YACzB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,OAAO,EACL,4HAA4H;SAC/H,CAAC;IACJ,CAAC;CACF,CAAC"}

package/dist/tools/wait-for-approval.d.ts

@@ -0,0 +1,28 @@
+import { z } from "zod";
+import type { ApiClient } from "../api-client.js";
+import { type Tool } from "./index.js";
+declare const inputSchema: z.ZodObject<{
+    run_id: z.ZodString;
+    timeout_seconds: z.ZodDefault<z.ZodNumber>;
+    poll_interval_seconds: z.ZodDefault<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    run_id: string;
+    timeout_seconds: number;
+    poll_interval_seconds: number;
+}, {
+    run_id: string;
+    timeout_seconds?: number | undefined;
+    poll_interval_seconds?: number | undefined;
+}>;
+export declare const waitForApprovalTool: Tool<z.infer<typeof inputSchema>>;
+export declare function waitForApprovalImpl(args: z.infer<typeof inputSchema>, api: ApiClient, options?: {
+    sleep?: (ms: number) => Promise<void>;
+    now?: () => number;
+}): Promise<{
+    status: string;
+    run_state: string;
+    run_id: string;
+    reason?: string;
+}>;
+export {};
+//# sourceMappingURL=wait-for-approval.d.ts.map

package/dist/tools/wait-for-approval.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wait-for-approval.d.ts","sourceRoot":"","sources":["../../src/tools/wait-for-approval.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAgB,KAAK,IAAI,EAAE,MAAM,YAAY,CAAC;AAErD,QAAA,MAAM,WAAW;;;;;;;;;;;;EAIf,CAAC;AAcH,eAAO,MAAM,mBAAmB,EAAE,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAiBjE,CAAC;AAEF,wBAAsB,mBAAmB,CACvC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,EACjC,GAAG,EAAE,SAAS,EACd,OAAO,GAAE;IAAE,KAAK,CAAC,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,MAAM,CAAA;CAAO,GAC1E,OAAO,CAAC;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAyBjF"}

package/dist/tools/wait-for-approval.js

@@ -0,0 +1,82 @@
+import { z } from "zod";
+import { assertPaired } from "./index.js";
+const inputSchema = z.object({
+    run_id: z.string().min(1),
+    timeout_seconds: z.number().int().positive().max(600).default(120),
+    poll_interval_seconds: z.number().int().positive().max(30).default(2),
+});
+const DESCRIPTION = `Wait for a run that's in pending_approval to be granted or denied by the user.
+Returns the final status once the run leaves PENDING_APPROVAL or the timeout elapses.
+
+WHEN TO CALL THIS TOOL:
+- After provision() returns status="pending_approval"
+- When you want to block until the user clicks the approval link
+
+BEHAVIOR:
+- Polls the run every poll_interval_seconds (default 2s)
+- Returns once the run leaves PENDING_APPROVAL or timeout_seconds elapses
+- Does NOT auto-grant; only the user can grant via the approval URL`;
+export const waitForApprovalTool = {
+    name: "wait_for_approval",
+    description: DESCRIPTION,
+    inputSchema,
+    jsonInputSchema: {
+        type: "object",
+        required: ["run_id"],
+        properties: {
+            run_id: { type: "string" },
+            timeout_seconds: { type: "integer", minimum: 1, maximum: 600, default: 120 },
+            poll_interval_seconds: { type: "integer", minimum: 1, maximum: 30, default: 2 },
+        },
+    },
+    async handler(args, api) {
+        assertPaired(api);
+        return waitForApprovalImpl(args, api);
+    },
+};
+export async function waitForApprovalImpl(args, api, options = {}) {
+    const sleep = options.sleep ?? defaultSleep;
+    const now = options.now ?? (() => Date.now());
+    const deadline = now() + args.timeout_seconds * 1000;
+    while (true) {
+        const run = await api.getRun(args.run_id);
+        if (run.state !== "PENDING_APPROVAL") {
+            return {
+                status: terminalDescription(run.state),
+                run_state: run.state,
+                run_id: run.id,
+                ...(run.failure_reason !== null ? { reason: run.failure_reason } : {}),
+            };
+        }
+        if (now() >= deadline) {
+            return {
+                status: "timeout",
+                run_state: run.state,
+                run_id: run.id,
+                reason: "wait_for_approval_timed_out",
+            };
+        }
+        await sleep(args.poll_interval_seconds * 1000);
+    }
+}
+function defaultSleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function terminalDescription(state) {
+    switch (state) {
+        case "PROVISIONING":
+        case "ADAPTER_EXECUTING":
+        case "CRED_EXTRACTED":
+        case "VAULT_WRITTEN":
+            return "granted";
+        case "COMPLETE":
+            return "active";
+        case "REJECTED":
+            return "denied";
+        case "FAILED":
+            return "failed";
+        default:
+            return state.toLowerCase();
+    }
+}
+//# sourceMappingURL=wait-for-approval.js.map

package/dist/tools/wait-for-approval.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"wait-for-approval.js","sourceRoot":"","sources":["../../src/tools/wait-for-approval.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,YAAY,EAAa,MAAM,YAAY,CAAC;AAErD,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3B,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACzB,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAClE,qBAAqB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;CACtE,CAAC,CAAC;AAEH,MAAM,WAAW,GAAG;;;;;;;;;;oEAUgD,CAAC;AAErE,MAAM,CAAC,MAAM,mBAAmB,GAAsC;IACpE,IAAI,EAAE,mBAAmB;IACzB,WAAW,EAAE,WAAW;IACxB,WAAW;IACX,eAAe,EAAE;QACf,IAAI,EAAE,QAAQ;QACd,QAAQ,EAAE,CAAC,QAAQ,CAAC;QACpB,UAAU,EAAE;YACV,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YAC1B,eAAe,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE;YAC5E,qBAAqB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE;SAChF;KACF;IACD,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG;QACrB,YAAY,CAAC,GAAG,CAAC,CAAC;QAClB,OAAO,mBAAmB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACxC,CAAC;CACF,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,IAAiC,EACjC,GAAc,EACd,UAAyE,EAAE;IAE3E,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,YAAY,CAAC;IAC5C,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,GAAG,EAAE,GAAG,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;IAErD,OAAO,IAAI,EAAE,CAAC;QACZ,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,GAAG,CAAC,KAAK,KAAK,kBAAkB,EAAE,CAAC;YACrC,OAAO;gBACL,MAAM,EAAE,mBAAmB,CAAC,GAAG,CAAC,KAAK,CAAC;gBACtC,SAAS,EAAE,GAAG,CAAC,KAAK;gBACpB,MAAM,EAAE,GAAG,CAAC,EAAE;gBACd,GAAG,CAAC,GAAG,CAAC,cAAc,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACvE,CAAC;QACJ,CAAC;QACD,IAAI,GAAG,EAAE,IAAI,QAAQ,EAAE,CAAC;YACtB,OAAO;gBACL,MAAM,EAAE,SAAS;gBACjB,SAAS,EAAE,GAAG,CAAC,KAAK;gBACpB,MAAM,EAAE,GAAG,CAAC,EAAE;gBACd,MAAM,EAAE,6BAA6B;aACtC,CAAC;QACJ,CAAC;QACD,MAAM,KAAK,CAAC,IAAI,CAAC,qBAAqB,GAAG,IAAI,CAAC,CAAC;IACjD,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,EAAU;IAC9B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAa;IACxC,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,cAAc,CAAC;QACpB,KAAK,mBAAmB,CAAC;QACzB,KAAK,gBAAgB,CAAC;QACtB,KAAK,eAAe;YAClB,OAAO,SAAS,CAAC;QACnB,KAAK,UAAU;YACb,OAAO,QAAQ,CAAC;QAClB,KAAK,UAAU;YACb,OAAO,QAAQ,CAAC;QAClB,KAAK,QAAQ;YACX,OAAO,QAAQ,CAAC;QAClB;YACE,OAAO,KAAK,CAAC,WAAW,EAAE,CAAC;IAC/B,CAAC;AACH,CAAC"}

package/package.json

@@ -0,0 +1,43 @@
+{
+  "name": "@trusty-squire/mcp",
+  "version": "0.1.0",
+  "type": "module",
+  "description": "Local MCP server vibe coding agents install. Thin relay to the Trusty Squire API.",
+  "main": "./dist/server.js",
+  "bin": {
+    "squire-mcp": "./dist/install/cli.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.0.4",
+    "open": "^10.1.0",
+    "yaml": "^2.6.1",
+    "zod": "^3.23.8",
+    "@trusty-squire/universal-bot": "0.1.0"
+  },
+  "optionalDependencies": {
+    "keytar": "^7.9.0"
+  },
+  "devDependencies": {
+    "@vitest/coverage-v8": "^1.6.1",
+    "tsx": "^4.7.0",
+    "typescript": "^5.3.3",
+    "vitest": "^1.2.0"
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.build.json",
+    "typecheck": "tsc --noEmit -p tsconfig.json",
+    "test": "vitest run",
+    "test:cov": "vitest run --coverage",
+    "dev:server": "tsx src/server.ts",
+    "install:dev": "tsx src/install/cli.ts"
+  }
+}