@venturewild/workspace 0.6.18 → 0.6.20

package/server/src/index.mjs

@@ -85,6 +85,7 @@ import { getOperatorToken } from './operator.mjs';
 import { runDoctor } from './doctor.mjs';
 import { appendLine, tailFile, logFile, listLogs, TAILABLE, globalDir } from './logpaths.mjs';
 import { createBackgroundTasks } from './background-tasks.mjs';
+import { createTickets } from './support/tickets.mjs';
 import { SessionReporter } from './session-reporter.mjs';
 import { TranscriptRecorder } from './transcript.mjs';
 import { loadObservabilityConsent, setObservabilityConsent } from './observability.mjs';
@@ -509,6 +510,32 @@ export async function createServer(overrides = {}) {
     ? { mcpConfigPath: turnMcpConfig, strictMcp: true, appendSystemPrompt: TURN_SYSTEM_PROMPT }
     : {};
 
+  // Per-session GLM (items 13/14): a GLM chat is the CLAUDE binary with GLM env
+  // injected at spawn (so --resume / --mcp-config / canvas+bazaar tools all survive) —
+  // NOT the bare `glm` wrapper agent. Mirrors ~/.local/bin/glm exactly. Returns null
+  // if no key is connected, so a GLM turn degrades to an honest "connect GLM" error
+  // rather than silently running as Claude. The key NEVER leaves this env.
+  function glmEnv() {
+    try {
+      const keyFile = process.env.GLM_KEY_FILE || path.join(config.home, '.glm-key');
+      const key = readFileSync(keyFile, 'utf8').replace(/\s+/g, '');
+      if (!key) return null;
+      return {
+        ANTHROPIC_BASE_URL: 'https://api.z.ai/api/anthropic',
+        ANTHROPIC_AUTH_TOKEN: key,
+        ANTHROPIC_MODEL: process.env.GLM_MODEL || 'glm-5.1',
+        ANTHROPIC_SMALL_FAST_MODEL: process.env.GLM_SMALL_MODEL || 'glm-4.5-air',
+        DISABLE_TELEMETRY: '1',
+        DISABLE_ERROR_REPORTING: '1',
+      };
+    } catch {
+      return null;
+    }
+  }
+  function glmConnected() {
+    return glmEnv() != null;
+  }
+
   // --- chat turn orchestration ----------------------------------------------
   // One conversation per workspace in v1 (single-user, single tab — PRD §5.5).
   // Both user sends and auto-wake turns thread through one turn-runner so they
@@ -595,6 +622,29 @@ export async function createServer(overrides = {}) {
   // The registry persists ACROSS turns (a background job outlives the `claude -p`
   // process that spawned it), so it lives here in server scope — never per-session.
   const bgTasks = createBackgroundTasks({ broadcast: broadcastTask });
+  // Feature/bug ticketing (item 7) — shared store with the support MCP (file_ticket),
+  // read by the Requests block + best-effort synced to the VentureWild team.
+  const tickets = createTickets({ env: { WILD_WORKSPACE_GLOBAL_DIR: path.dirname(bazaar.dir) } });
+  // Best-effort, degrade-never push of a ticket to bmo-sync (the team's tracker). If
+  // the route isn't deployed yet (or we're on localhost), this silently no-ops and the
+  // ticket still lives locally + shows in the Requests block (the locked degrade).
+  function syncTicket(rec) {
+    const baseUrl = config.bmoSyncServerUrl;
+    if (!baseUrl || baseUrl.startsWith('http://127') || baseUrl.startsWith('http://localhost')) return;
+    const ctrl = new AbortController();
+    const t = setTimeout(() => ctrl.abort(), 5000);
+    fetch(`${baseUrl.replace(/\/$/, '')}/api/tickets`, {
+      method: 'POST',
+      headers: { 'content-type': 'application/json' },
+      body: JSON.stringify({
+        account_token: config.accountToken || null,
+        slug: config.account?.slug || null,
+        ticket: rec,
+      }),
+      signal: ctrl.signal,
+    }).catch(() => { /* degrade-never — local store is the source of truth */ })
+      .finally(() => clearTimeout(t));
+  }
 
   /**
    * Run one chat turn: spawn the agent, stream every chunk to every chat
@@ -635,6 +685,22 @@ export async function createServer(overrides = {}) {
     // the stored level + the per-message toggle through resolveAutonomyMode, whose
     // guardrail guarantees an unbuilt/unknown level can NEVER become bypassPermissions.
     if (!auto) mode = resolveAutonomyMode(settings.getAutonomyLevel(), mode);
+    // Per-session provider (items 13/14): look up THIS session's provider (locked at
+    // creation). GLM = the claude binary + GLM env; Claude = no override. The provider
+    // also drives the context-window denominator (item 3) — Claude 1M, GLM 200k.
+    const sessionId = threadId || MAIN_SESSION_ID;
+    const sessionStore = createChatSessions({ dataDir: workspace.dataDir });
+    let sessProvider = 'claude';
+    try { sessProvider = sessionStore.get(sessionId)?.provider || 'claude'; } catch { /* default claude */ }
+    const providerEnv = sessProvider === 'glm' ? glmEnv() : null;
+    if (sessProvider === 'glm' && !providerEnv && !auto) {
+      broadcastChat({
+        type: 'error',
+        messageId: id,
+        message: "GLM isn't connected on this machine. Add your GLM key in Settings → Providers to use a GLM chat.",
+      }, workspace.id, threadId);
+      return false;
+    }
     // Per-thread conversation (C3 on top of lobby M1): resume THIS thread's claude
     // session from the workspace dataDir, and tag every frame with the workspace +
     // thread so it streams only to the matching chat block.
@@ -647,18 +713,20 @@ export async function createServer(overrides = {}) {
     });
 
     let retried = false;
+    let lastContext = null; // freshest per-session context gauge, persisted on turn end
     const startTurn = () => {
       const startedAt = Date.now();
-      log('[chat]', `turn-begin id=${id} auto=${auto} mode=${mode || 'build'} promptChars=${(prompt || '').length}`);
+      log('[chat]', `turn-begin id=${id} auto=${auto} provider=${sessProvider} mode=${mode || 'build'} promptChars=${(prompt || '').length}`);
       const session = new AgentSession(activeAgent);
       currentTurns.set(key, { session, messageId: id, workspaceId: workspace.id, threadId });
       let sawError = false;
       session.on('chunk', (chunk) => {
         // The per-turn context signal (working-memory gauge, §8) feeds the usage
         // service, which pushes a `usage` WS frame. It's server-internal metadata —
-        // keep it OFF the chat stream so it never renders as an empty bubble.
+        // keep it OFF the chat stream so it never renders as an empty bubble. The
+        // window is provider-aware (item 3) — Claude 1M / GLM 200k.
         if (chunk.type === 'context' && chunk.usage) {
-          usage.setContext(chunk.usage, chunk.model);
+          lastContext = usage.setContext(chunk.usage, chunk.model, sessProvider);
           return;
         }
         if (chunk.type === 'error') sawError = true;
@@ -733,7 +801,10 @@ export async function createServer(overrides = {}) {
         // Keep the session list's recency honest even when the turn was driven from
         // another device (the message PUT is client-driven; this is server-side).
         try {
-          createChatSessions({ dataDir: workspace.dataDir }).touch(threadId || MAIN_SESSION_ID);
+          sessionStore.touch(sessionId);
+          // Persist this session's context gauge so the sidebar chip shows it even
+          // without a live turn (item 3).
+          if (lastContext) sessionStore.setContext(sessionId, lastContext);
         } catch { /* best-effort — never break a turn on a registry hiccup */ }
         broadcastChat({ type: 'end', messageId: id, code }, workspace.id, threadId);
         activityBus.publish({ type: 'chat-end', messageId: id, code });
@@ -742,6 +813,9 @@ export async function createServer(overrides = {}) {
         cwd: workspace.dir,
         mode,
         resumeSessionId: resumeId,
+        // GLM session → inject the GLM env onto the claude binary (item 14). Claude
+        // session → no override (uses the machine's Claude OAuth).
+        ...(providerEnv ? { env: providerEnv } : {}),
         // Auto-wake (import integration, plan mode) stays bazaar-free; only the
         // user's own turns get the marketplace tools + disposition.
         ...(auto ? {} : turnCtx),
@@ -1067,6 +1141,27 @@ export async function createServer(overrides = {}) {
     c.json({ status: 'ok', version: APP_VERSION, ts: Date.now() }),
   );
 
+  // Detect an EXISTING agent setup in a folder (item 15) — a CLAUDE.md, a .claude
+  // dir, .claude/agents, or AGENTS.md. When present, onboarding offers "adopt" instead
+  // of asking the user to create a parallel agent. We ONLY read these markers — the
+  // onboarding/identity path never writes to them (the kept invariant; identity lives
+  // in the sync-ignored <repo>/.wild-workspace scratch).
+  function detectExistingSetup(dir) {
+    const markers = [
+      ['CLAUDE.md', 'CLAUDE.md'],
+      ['.claude/agents', path.join('.claude', 'agents')],
+      ['.claude', '.claude'],
+      ['AGENTS.md', 'AGENTS.md'],
+    ];
+    const signals = [];
+    for (const [label, rel] of markers) {
+      try { if (existsSync(path.join(dir, rel))) signals.push(label); } catch { /* skip */ }
+    }
+    // .claude is implied by .claude/agents — don't list both.
+    const deduped = signals.includes('.claude/agents') ? signals.filter((s) => s !== '.claude') : signals;
+    return { hasConfig: deduped.length > 0, signals: deduped };
+  }
+
   app.get('/api/session', (c) => {
     const session = c.get('session');
     const role = c.get('role');
@@ -1098,6 +1193,9 @@ export async function createServer(overrides = {}) {
         : null,
       identity,
       onboarded: Boolean(identity?.onboardedAt),
+      // item 15: an existing CLAUDE.md/.claude in this folder → onboarding offers
+      // "adopt" (keep it) instead of asking the user to create a parallel agent.
+      existingSetup: detectExistingSetup(ws.dir),
       shareBaseUrl: config.shareBaseUrl,
       // `account` is set after the user runs `wild-workspace login`. The UI
       // uses it to show "you are <slug>" and to seed step 4 of onboarding
@@ -1758,6 +1856,72 @@ export async function createServer(overrides = {}) {
     return c.json({ ok, ...(_loginSession ? _loginSession.snapshot() : emptyLoginSnap) });
   });
 
+  // --- Providers (items 13/14) — machine-level credentials (Settings → Providers) --
+  // The per-session picker only CHOOSES a provider; connecting GLM / signing out of
+  // Claude are machine-level acts that live here. Owner-gated.
+  const glmKeyFile = () => process.env.GLM_KEY_FILE || path.join(config.home, '.glm-key');
+
+  app.get('/api/providers', (c) => {
+    const forbidden = require(c, 'chat');
+    if (forbidden) return forbidden;
+    return c.json({
+      glm: { connected: glmConnected() },
+      // Claude is the built-in default; `account` echoes who's signed in (if known).
+      claude: { connected: true, account: c.get('session')?.account?.email || null },
+    });
+  });
+
+  // Connect GLM — store the key at ~/.glm-key (single-line, never logged/committed,
+  // mode 600). The key is read straight off the body; it is NOT a financial/password
+  // field (it's a 3rd-party API token the user pastes deliberately).
+  app.post('/api/providers/glm', async (c) => {
+    const forbidden = require(c, 'chatWrite');
+    if (forbidden) return forbidden;
+    const body = await c.req.json().catch(() => ({}));
+    const key = typeof body.key === 'string' ? body.key.replace(/\s+/g, '') : '';
+    if (!key || key.length < 8) return c.json({ error: 'invalid_key' }, 400);
+    try {
+      writeFileSync(glmKeyFile(), `${key}\n`, { mode: 0o600 });
+    } catch (e) {
+      return c.json({ error: 'write_failed', detail: String(e?.message || e) }, 500);
+    }
+    auditAction(c, 'providers.glm.connect', 'key stored');
+    return c.json({ ok: true, connected: glmConnected() });
+  });
+
+  // Disconnect GLM — remove the key file.
+  app.delete('/api/providers/glm', (c) => {
+    const forbidden = require(c, 'chatWrite');
+    if (forbidden) return forbidden;
+    try { unlinkSync(glmKeyFile()); } catch { /* already gone */ }
+    auditAction(c, 'providers.glm.disconnect', 'key removed');
+    return c.json({ ok: true, connected: glmConnected() });
+  });
+
+  // Sign out of Claude — `claude auth logout` (no browser needed; clears the OS
+  // credential). The user re-signs-in via the existing in-app PTY login. NOTE: this
+  // logs out the machine's Claude account that the agent runs under.
+  app.post('/api/auth/claude/logout', async (c) => {
+    const forbidden = require(c, 'chatWrite');
+    if (forbidden) return forbidden;
+    const bin = activeAgent?.resolvedPath || 'claude';
+    const result = await new Promise((resolve) => {
+      try {
+        const p = spawn(bin, ['auth', 'logout'], { stdio: ['ignore', 'pipe', 'pipe'], windowsHide: true });
+        let out = '';
+        p.stdout.on('data', (d) => { out += d; });
+        p.stderr.on('data', (d) => { out += d; });
+        p.on('error', (e) => resolve({ ok: false, error: String(e?.message || e) }));
+        p.on('close', (code) => resolve({ ok: code === 0, code, out: out.slice(0, 400) }));
+      } catch (e) {
+        resolve({ ok: false, error: String(e?.message || e) });
+      }
+    });
+    _readinessCache = null; // auth state changed
+    auditAction(c, 'auth.claude.logout', `ok=${result.ok}`);
+    return c.json(result);
+  });
+
   app.post('/api/agent/identity', async (c) => {
     const forbidden = require(c, 'chatWrite');
     if (forbidden) return forbidden;
@@ -1790,6 +1954,30 @@ export async function createServer(overrides = {}) {
     }
   });
 
+  // Adopt an existing setup (item 15) — the user opened a folder that already has a
+  // CLAUDE.md/.claude, so we SKIP "create an agent" and just adopt the existing
+  // config: derive a display name from the folder, write ONLY the .wild-workspace
+  // scratch identity, and mark onboarded. We NEVER touch the user's CLAUDE.md/.claude.
+  app.post('/api/agent/adopt', (c) => {
+    const forbidden = require(c, 'chatWrite');
+    if (forbidden) return forbidden;
+    const ws = workspaceFor(c);
+    const setup = detectExistingSetup(ws.dir);
+    if (!setup.hasConfig) return c.json({ error: 'no_existing_setup' }, 400);
+    // A friendly display name from the folder (the project's own name), e.g. "tickup"
+    // → "Tickup". The agent's behavior still comes from the existing CLAUDE.md/.claude.
+    const base = path.basename(ws.dir) || 'Agent';
+    const name = base.replace(/[-_]+/g, ' ').replace(/\b\w/g, (m) => m.toUpperCase()).slice(0, 40) || 'Agent';
+    try {
+      const saved = saveIdentity(ws.dataDir, { name, onboardedAt: Date.now() });
+      log('[onboarding]', `adopted existing setup (${setup.signals.join(', ')}) name=${saved.name}`);
+      activityBus.publish({ type: 'onboarded', at: saved.onboardedAt });
+      return c.json({ identity: saved, adopted: setup.signals });
+    } catch (e) {
+      return c.json({ error: String(e.message || e) }, 400);
+    }
+  });
+
   // Consent toggle for the proactive observability feed (default-on — see
   // observability.mjs). Owner-only; applied live to the reporter, no restart.
   app.post('/api/observability/consent', async (c) => {
@@ -2597,6 +2785,44 @@ export async function createServer(overrides = {}) {
     return c.json({ id, output });
   });
 
+  // --- Feature/bug tickets (item 7) — the Requests block + the agent's file_ticket --
+  // The agent files via the support MCP (mcp__tickets__file_ticket) into the same
+  // store; the user files/updates here. Owner-gated. Tickets sync to the team's tracker
+  // best-effort, once each (a runaway list-poll never re-POSTs the same ticket).
+  const syncedTicketIds = new Set();
+  app.get('/api/workspace/tickets', (c) => {
+    const forbidden = require(c, 'chatWrite');
+    if (forbidden) return forbidden;
+    const list = tickets.list();
+    for (const t of list) {
+      if (!syncedTicketIds.has(t.id)) { syncedTicketIds.add(t.id); syncTicket(t); }
+    }
+    return c.json({ tickets: list });
+  });
+  app.post('/api/workspace/tickets', async (c) => {
+    const forbidden = require(c, 'chatWrite');
+    if (forbidden) return forbidden;
+    const body = await c.req.json().catch(() => ({}));
+    if (!body.title || typeof body.title !== 'string') return c.json({ error: 'title_required' }, 400);
+    const rec = tickets.file({
+      title: body.title, desc: body.desc, category: body.category, severity: body.severity,
+      workspaceId: workspaceFor(c).id, source: 'user',
+    });
+    syncedTicketIds.add(rec.id); syncTicket(rec);
+    auditAction(c, 'tickets.file', `id=${rec.id} cat=${rec.category}`);
+    return c.json({ ticket: rec });
+  });
+  app.patch('/api/workspace/tickets/:id', async (c) => {
+    const forbidden = require(c, 'chatWrite');
+    if (forbidden) return forbidden;
+    const body = await c.req.json().catch(() => ({}));
+    const rec = tickets.update(c.req.param('id'), { status: body.status, note: body.note });
+    if (!rec) return c.json({ error: 'not_found' }, 404);
+    syncTicket(rec);
+    auditAction(c, 'tickets.update', `id=${rec.id} status=${rec.status}`);
+    return c.json({ ticket: rec });
+  });
+
   // Stop a running background task — resolve who holds its output file open and kill
   // that tree (Restart Manager on Windows, lsof on Unix). Owner-only. We pass every
   // LIVE claude pid to exclude so a Stop during an in-flight turn can't kill the
@@ -2894,6 +3120,9 @@ export async function createServer(overrides = {}) {
           const lid = fromRailsId(slug, rs.id);
           const existing = byId.get(lid);
           byId.set(lid, {
+            // Preserve local-only fields (provider/context/titleSource) — they're
+            // per-host metadata the rails don't carry.
+            ...(existing || {}),
             id: lid,
             title: rs.title || existing?.title || (lid === MAIN_SESSION_ID ? 'Main' : null),
             account: rs.owner_email || existing?.account || 'local',
@@ -2913,18 +3142,33 @@ export async function createServer(overrides = {}) {
     const forbidden = require(c, 'chatWrite');
     if (forbidden) return forbidden;
     const body = await c.req.json().catch(() => ({}));
+    // Per-session provider (items 13/14) — locked at creation. A GLM chat requires GLM
+    // to be connected on this machine; reject otherwise so we never make a dead chat.
+    const provider = body.provider === 'glm' ? 'glm' : 'claude';
+    if (provider === 'glm' && !glmConnected()) {
+      return c.json({ error: 'glm_not_connected' }, 400);
+    }
     const rec = sessionsFor(c).create({
       title: typeof body.title === 'string' ? body.title : null,
       account: accountLabel(),
+      provider,
     });
     const slug = sharedSlugFor(c);
     if (slug && sessionRails.capable) {
       sessionRails.createSession(slug, railsId(slug, rec.id), rec.title).catch(() => {});
     }
-    auditAction(c, 'sessions.create', `id=${rec.id}`);
+    auditAction(c, 'sessions.create', `id=${rec.id} provider=${provider}`);
     return c.json({ session: rec });
   });
 
+  // The living-summary handoff (item 9) — the carry-the-gist payload for a fresh chat.
+  app.get('/api/sessions/:id/summary', (c) => {
+    const forbidden = require(c, 'chat');
+    if (forbidden) return forbidden;
+    const summary = sessionsFor(c).getSummary(c.req.param('id'));
+    return c.json({ summary: summary || null });
+  });
+
   app.get('/api/sessions/:id/messages', async (c) => {
     const forbidden = require(c, 'chat');
     if (forbidden) return forbidden;
@@ -3549,9 +3793,11 @@ export async function createServer(overrides = {}) {
         ws._sendTimes.push(now);
         // The turn-runner resumes THIS socket's workspace + thread conversation and
         // streams back only to the matching chat block (lobby M1 + C3).
+        // No client `mode` (item 10, 2026-06-21): the Build/Plan toggle was removed.
+        // runChatTurn resolves the permission mode from the stored autonomy dial
+        // (resolveAutonomyMode) — Full/unset → build, Check with me → read-only plan.
         runChatTurn({
           prompt: msg.text,
-          mode: msg.mode,
           messageId: msg.messageId,
           userText: msg.text,
           workspace: ws._wsWorkspace,

package/server/src/lobby-browse.mjs

@@ -22,6 +22,31 @@ function isDirSafe(p) {
   }
 }
 
+// Markers that mean "this folder already has your work" (item 6) — we want the lobby
+// to steer the user toward opening one of these over starting blank. A few cheap
+// existsSync checks per entry; we surface a short label list + a hasWork flag.
+const WORK_MARKERS = [
+  ['CLAUDE.md', 'CLAUDE.md'],
+  ['.claude', '.claude'],
+  ['.git', '.git'],
+  ['package.json', 'package.json'],
+  ['README.md', 'README.md'],
+  ['pyproject.toml', 'pyproject.toml'],
+  ['Cargo.toml', 'Cargo.toml'],
+  ['go.mod', 'go.mod'],
+  ['index.html', 'index.html'],
+];
+
+// Up to 3 signal labels for a folder (CLAUDE.md/.git/package.json/…), and hasWork.
+export function workSignals(dir) {
+  const signals = [];
+  for (const [label, rel] of WORK_MARKERS) {
+    try { if (fs.existsSync(path.join(dir, rel))) signals.push(label); } catch { /* skip */ }
+    if (signals.length >= 3) break;
+  }
+  return { hasWork: signals.length > 0, signals };
+}
+
 // The filesystem roots ("This PC"): on Windows each drive (C:\, D:\, …) is a
 // SEPARATE root with no common parent — without this, the picker is trapped on
 // the home drive (you could never browse to D:). We probe C–Z (A/B are legacy
@@ -104,8 +129,13 @@ export function browseDir(target) {
       if (d.isSymbolicLink()) return isDirSafe(path.join(abs, d.name));
       return false;
     })
-    .map((d) => ({ name: d.name, dir: path.join(abs, d.name) }))
-    .sort((a, b) => a.name.localeCompare(b.name, undefined, { sensitivity: 'base' }));
+    .map((d) => {
+      const dir = path.join(abs, d.name);
+      return { name: d.name, dir, ...workSignals(dir) };
+    })
+    // Folders that already have your work float to the top (item 6) — then alpha.
+    .sort((a, b) => (Number(b.hasWork) - Number(a.hasWork))
+      || a.name.localeCompare(b.name, undefined, { sensitivity: 'base' }));
   const parent = path.dirname(abs);
   return { path: abs, parent: parent !== abs ? parent : null, entries };
 }

package/server/src/support/index.mjs

@@ -0,0 +1,30 @@
+// Support runtime glue for the main server: the agent-facing system prompt and the
+// path to the support (tickets + check_preview) MCP server, wired into the turn's
+// --mcp-config by turn-mcp.mjs.
+
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+
+export const SUPPORT_MCP_SERVER_PATH = path.join(__dirname, 'mcp-server.mjs');
+
+// Appended to the agent's system prompt on user chat turns. Frames wild-workspace as
+// a tool the agent can drive "till a point": file/manage feature requests + bugs about
+// the workspace itself, and check the live preview — but NOT touch auth, keys, deletion,
+// or the user's files (those stay human-only). Plain language.
+export const SUPPORT_SYSTEM_PROMPT = [
+  "You can treat wild-workspace itself like a tool you operate. If you (or the user) hit something the",
+  "workspace is MISSING or doing wrong — a feature you wish it had, a bug — file a ticket with",
+  "mcp__tickets__file_ticket (title + a short desc + category/severity). It lands on the user's Requests",
+  "block and is traced by the VentureWild team, so the product gets better. Use list_tickets / update_ticket",
+  "to manage one over time (e.g. mark it done). File tickets for feedback about wild-workspace itself —",
+  "NOT for the user's own project work (that's just normal building).",
+  "",
+  "After you start a dev server for the user (npm run dev, etc.), call mcp__tickets__check_preview to",
+  "confirm it's actually serving and get its URL before pointing them at the Live view.",
+  "",
+  "Boundary: these are the only workspace-control actions you take on your own. You never change sign-in /",
+  "API keys, delete a workspace, alter support-access consent, or destroy the user's files — if something",
+  "needs one of those, ask the user to do it.",
+].join('\n');

package/server/src/support/mcp-server.mjs

@@ -0,0 +1,156 @@
+// Support MCP server — the agent-as-CLI surface for item 7 (ticketing) + a slice of
+// item 8 (check_preview). Same hand-rolled stdio JSON-RPC shape as the bazaar/canvas
+// MCP servers; `claude` spawns it per turn via --mcp-config and exposes the tools as
+// mcp__tickets__<name>. It shares the global state dir (WILD_WORKSPACE_GLOBAL_DIR), so
+// a filed ticket lands in the same store the main server's /api/workspace/tickets
+// reads — the Requests block then shows it (no chat-result wiring needed).
+//
+// BOUNDARY (item 7 "till a point") — these tools are deliberately the SAFE surface:
+// file/manage tickets, check the preview. They CANNOT touch auth/provider keys, delete
+// the workspace, change support consent, or destroy user files. Those stay human-only.
+//
+// stdout carries ONLY JSON-RPC; diagnostics go to stderr.
+
+import readline from 'node:readline';
+import { createTickets, CATEGORIES, SEVERITIES, STATUSES } from './tickets.mjs';
+import { detectPreviewPorts } from '../preview.mjs';
+
+const tickets = createTickets(); // baseDir from WILD_WORKSPACE_GLOBAL_DIR (set by parent)
+const PROTOCOL_VERSION = '2025-06-18';
+
+function send(msg) { process.stdout.write(`${JSON.stringify(msg)}\n`); }
+function result(id, res) { send({ jsonrpc: '2.0', id, result: res }); }
+function errorReply(id, code, message) { send({ jsonrpc: '2.0', id, error: { code, message } }); }
+function textContent(obj) { return { content: [{ type: 'text', text: JSON.stringify(obj) }] }; }
+
+const TOOLS = [
+  {
+    name: 'file_ticket',
+    description:
+      "File a feature request, bug, or question against THIS workspace when you (or the user) want " +
+      "something the workspace itself is missing or doing wrong. The ticket is tracked on the user's " +
+      "Requests block and synced to the VentureWild team. Use it for product feedback about wild-workspace " +
+      "(not for the user's own project work). Keep the title short and specific.",
+    inputSchema: {
+      type: 'object',
+      properties: {
+        title: { type: 'string', description: 'Short, specific summary (the headline).' },
+        desc: { type: 'string', description: 'What you need + why, repro steps for a bug (optional).' },
+        category: { type: 'string', enum: CATEGORIES, description: 'feature | bug | question | chore | other.' },
+        severity: { type: 'string', enum: SEVERITIES, description: 'low | medium | high.' },
+      },
+      required: ['title'],
+    },
+  },
+  {
+    name: 'list_tickets',
+    description: "List the requests filed for this workspace (id, title, status) so you can refer to or update one.",
+    inputSchema: { type: 'object', properties: {} },
+  },
+  {
+    name: 'update_ticket',
+    description:
+      "Update a ticket you filed — change its status or add a note. Use this to manage a request over time " +
+      "(e.g. mark it done once you've worked around it, or note new detail).",
+    inputSchema: {
+      type: 'object',
+      properties: {
+        id: { type: 'string', description: 'The ticket id from file_ticket / list_tickets.' },
+        status: { type: 'string', enum: STATUSES, description: 'open | planned | in-progress | done | wont-do.' },
+        note: { type: 'string', description: 'A short note to append (optional).' },
+      },
+      required: ['id'],
+    },
+  },
+  {
+    name: 'check_preview',
+    description:
+      "Check whether the user's dev server / live preview is up, and get its URL — use after you start a " +
+      "dev server (npm run dev, etc.) to confirm it's serving before telling the user to look at the Live view.",
+    inputSchema: { type: 'object', properties: {} },
+  },
+];
+
+async function callTool(name, args = {}) {
+  switch (name) {
+    case 'file_ticket': {
+      const rec = tickets.file({
+        title: args.title, desc: args.desc, category: args.category, severity: args.severity,
+        workspaceId: process.env.WILD_WORKSPACE_ID || null, source: 'agent',
+      });
+      return textContent({
+        kind: 'ticket', op: 'file', ticket: rec,
+        note: "Request filed. It's on the user's Requests block + synced to VentureWild. Tell them in one short line what you logged.",
+      });
+    }
+    case 'list_tickets': {
+      const list = tickets.list().map((t) => ({ id: t.id, title: t.title, status: t.status, category: t.category }));
+      return textContent({ kind: 'tickets', count: list.length, tickets: list });
+    }
+    case 'update_ticket': {
+      const rec = tickets.update(args.id, { status: args.status, note: args.note });
+      if (!rec) return { ...textContent({ kind: 'error', error: `no ticket "${args.id}"` }), isError: true };
+      return textContent({ kind: 'ticket', op: 'update', ticket: rec });
+    }
+    case 'check_preview': {
+      const found = await detectPreviewPorts();
+      const top = found[0] || null;
+      return textContent({
+        kind: 'preview',
+        rendered: Boolean(top),
+        url: top ? `http://localhost:${top.port}` : null,
+        ports: found.map((f) => f.port),
+        note: top
+          ? `A dev server is up on port ${top.port}. The user can open it in the Live view.`
+          : 'No dev server detected yet — start one (e.g. npm run dev), then check again.',
+      });
+    }
+    default:
+      return { ...textContent({ kind: 'error', error: `unknown tool ${name}` }), isError: true };
+  }
+}
+
+export function handleMessage(msg, reply = send) {
+  if (!msg || msg.jsonrpc !== '2.0') return undefined;
+  const { id, method, params } = msg;
+  const isNotification = id === undefined || id === null;
+  switch (method) {
+    case 'initialize':
+      return result(id, {
+        protocolVersion: params?.protocolVersion || PROTOCOL_VERSION,
+        capabilities: { tools: {} },
+        serverInfo: { name: 'tickets', version: '1.0.0' },
+      });
+    case 'notifications/initialized':
+    case 'initialized':
+      return undefined;
+    case 'ping':
+      return result(id, {});
+    case 'tools/list':
+      return result(id, { tools: TOOLS });
+    case 'tools/call':
+      // async — resolve then reply.
+      Promise.resolve(callTool(params?.name, params?.arguments || {}))
+        .then((out) => result(id, out))
+        .catch((e) => errorReply(id, -32603, `tool error: ${e?.message || e}`));
+      return undefined;
+    default:
+      if (!isNotification) errorReply(id, -32601, `method not found: ${method}`);
+      return undefined;
+  }
+}
+
+const isDirectRun = process.argv[1] && process.argv[1].endsWith('mcp-server.mjs') && process.argv[1].includes('support');
+if (isDirectRun) {
+  const rl = readline.createInterface({ input: process.stdin });
+  rl.on('line', (line) => {
+    const trimmed = line.trim();
+    if (!trimmed) return;
+    let msg;
+    try { msg = JSON.parse(trimmed); } catch { return; }
+    try { handleMessage(msg); } catch (e) { process.stderr.write(`tickets mcp error: ${e?.message || e}\n`); }
+  });
+  process.stderr.write('tickets mcp server ready\n');
+}
+
+export { TOOLS, callTool };