@vibecodetown/mcp-server 2.1.0

package/build/auth/token_cache.js

@@ -0,0 +1,122 @@
+import { homedir } from 'os';
+import { join } from 'path';
+import { readFile, writeFile, mkdir } from 'fs/promises';
+import { existsSync } from 'fs';
+import { AuthTokenFileSchema } from '../generated/auth_token_file.js';
+const CONFIG_DIR = join(homedir(), '.vibe-pm');
+const DEFAULT_TOKEN_FILE = join(CONFIG_DIR, 'auth-token.json');
+export class TokenCache {
+    memoryCache = null;
+    resolveTokenFilePath() {
+        const override = (process.env.VIBECODE_AUTH_TOKEN_FILE || '').trim();
+        return override || DEFAULT_TOKEN_FILE;
+    }
+    /**
+     * Get the cached token if it exists and is not expired
+     */
+    async get() {
+        // Check memory cache first
+        if (this.memoryCache) {
+            if (this.isValid(this.memoryCache)) {
+                return this.memoryCache;
+            }
+            this.memoryCache = null;
+        }
+        // Try to load from disk
+        const diskCache = await this.loadFromDisk();
+        if (diskCache && this.isValid(diskCache)) {
+            this.memoryCache = diskCache;
+            return diskCache;
+        }
+        return null;
+    }
+    /**
+     * Save a token to the cache
+     */
+    async set(cached) {
+        this.memoryCache = cached;
+        await this.saveToDisk(cached);
+    }
+    /**
+     * Clear the cached token
+     */
+    async clear() {
+        this.memoryCache = null;
+        await this.deleteFromDisk();
+    }
+    /**
+     * Check if a cached token is still valid (not expired)
+     */
+    isValid(cached) {
+        const now = Math.floor(Date.now() / 1000);
+        // Consider expired 60 seconds early to avoid edge cases
+        return cached.expiresAt > now + 60;
+    }
+    /**
+     * Check if the token needs refresh (expired or will expire soon)
+     */
+    needsRefresh(cached, bufferSeconds = 300) {
+        const now = Math.floor(Date.now() / 1000);
+        return cached.expiresAt < now + bufferSeconds;
+    }
+    /**
+     * Load token from disk
+     */
+    async loadFromDisk() {
+        try {
+            const tokenFile = this.resolveTokenFilePath();
+            if (!existsSync(tokenFile)) {
+                return null;
+            }
+            const data = await readFile(tokenFile, 'utf-8');
+            const raw = JSON.parse(data);
+            const validated = AuthTokenFileSchema.safeParse(raw);
+            if (!validated.success) {
+                return null;
+            }
+            return validated.data;
+        }
+        catch {
+            return null;
+        }
+    }
+    /**
+     * Save token to disk
+     */
+    async saveToDisk(cached) {
+        try {
+            // Ensure config directory exists
+            if (!existsSync(CONFIG_DIR)) {
+                await mkdir(CONFIG_DIR, { recursive: true, mode: 0o700 });
+            }
+            // Write with restricted permissions
+            const sealed = AuthTokenFileSchema.parse(cached);
+            const data = JSON.stringify(sealed, null, 2);
+            await writeFile(this.resolveTokenFilePath(), data, { mode: 0o600 });
+        }
+        catch (error) {
+            console.error('Failed to save token to disk:', error);
+        }
+    }
+    /**
+     * Delete token from disk
+     */
+    async deleteFromDisk() {
+        try {
+            const tokenFile = this.resolveTokenFilePath();
+            if (existsSync(tokenFile)) {
+                const { unlink } = await import('fs/promises');
+                await unlink(tokenFile);
+            }
+        }
+        catch {
+            // Ignore errors when deleting
+        }
+    }
+    /**
+     * Get the token file path (for debugging)
+     */
+    getTokenFilePath() {
+        return this.resolveTokenFilePath();
+    }
+}

package/build/auth/token_verifier.js

@@ -0,0 +1,103 @@
+import * as jose from 'jose';
+import { PUBLIC_KEY, JWT_ISSUER, JWT_AUDIENCE } from './public_key.js';
+export class TokenVerifier {
+    publicKey = null;
+    /**
+     * Initialize the public key
+     */
+    async getPublicKey() {
+        if (this.publicKey) {
+            return this.publicKey;
+        }
+        this.publicKey = await jose.importSPKI(PUBLIC_KEY, 'ES256');
+        return this.publicKey;
+    }
+    /**
+     * Verify a JWT token offline using the embedded public key
+     */
+    async verify(token) {
+        try {
+            const key = await this.getPublicKey();
+            const { payload } = await jose.jwtVerify(token, key, {
+                issuer: JWT_ISSUER,
+                audience: JWT_AUDIENCE,
+            });
+            // Extract and validate claims
+            if (!payload.sub || !payload.ent || !payload.pol) {
+                return { success: false, error: 'invalid_token' };
+            }
+            const verified = {
+                subjectId: payload.sub,
+                entitlements: payload.ent,
+                policy: payload.pol,
+                issuedAt: payload.iat || 0,
+                expiresAt: payload.exp || 0,
+            };
+            return { success: true, token: verified };
+        }
+        catch (error) {
+            // Map jose errors to our error types
+            if (error instanceof jose.errors.JWTExpired) {
+                return { success: false, error: 'expired_token' };
+            }
+            if (error instanceof jose.errors.JWSSignatureVerificationFailed) {
+                return { success: false, error: 'invalid_signature' };
+            }
+            if (error instanceof jose.errors.JWTClaimValidationFailed) {
+                const message = error.message || '';
+                if (message.includes('iss')) {
+                    return { success: false, error: 'invalid_issuer' };
+                }
+                if (message.includes('aud')) {
+                    return { success: false, error: 'invalid_audience' };
+                }
+            }
+            return { success: false, error: 'invalid_token' };
+        }
+    }
+    /**
+     * Quick check if a token is expired without full verification
+     */
+    isExpired(token) {
+        try {
+            const decoded = jose.decodeJwt(token);
+            if (!decoded.exp) {
+                return true;
+            }
+            const now = Math.floor(Date.now() / 1000);
+            return decoded.exp < now;
+        }
+        catch {
+            return true;
+        }
+    }
+    /**
+     * Get the time until token expires (in seconds)
+     * Returns 0 if expired or invalid
+     */
+    getTimeUntilExpiry(token) {
+        try {
+            const decoded = jose.decodeJwt(token);
+            if (!decoded.exp) {
+                return 0;
+            }
+            const now = Math.floor(Date.now() / 1000);
+            const remaining = decoded.exp - now;
+            return Math.max(0, remaining);
+        }
+        catch {
+            return 0;
+        }
+    }
+    /**
+     * Decode token without verification (for debugging)
+     */
+    decode(token) {
+        try {
+            return jose.decodeJwt(token);
+        }
+        catch {
+            return null;
+        }
+    }
+}

package/build/bootstrap/doctor.js

@@ -0,0 +1,115 @@
+// adapters/mcp-ts/src/bootstrap/doctor.ts
+// Health check tool for installation status
+import { ensureEngines, getEngineHealth, checkUpdates, validateCache } from "./installer.js";
+import { ENGINE_SPECS } from "./registry.js";
+/**
+ * Check engine installation status and return detailed health info
+ * Triggers installation if engines are missing or outdated
+ */
+export async function doctor() {
+    try {
+        // First, get current health status
+        const healthBefore = await getEngineHealth();
+        // Count issues
+        const summary = {
+            total: healthBefore.length,
+            ok: healthBefore.filter((h) => h.status === "ok").length,
+            needsUpdate: healthBefore.filter((h) => h.status === "needs_update").length,
+            missing: healthBefore.filter((h) => h.status === "missing").length,
+            corrupted: healthBefore.filter((h) => h.status === "corrupted").length
+        };
+        // If anything needs attention, trigger installation
+        if (summary.ok < summary.total) {
+            await ensureEngines();
+        }
+        // Get updated health status
+        const healthAfter = await getEngineHealth();
+        // Build result
+        const engines = {};
+        for (const h of healthAfter) {
+            engines[h.name] = {
+                version: h.version,
+                currentVersion: h.currentVersion,
+                path: h.path,
+                status: h.status
+            };
+        }
+        // Update summary
+        const summaryAfter = {
+            total: healthAfter.length,
+            ok: healthAfter.filter((h) => h.status === "ok").length,
+            needsUpdate: healthAfter.filter((h) => h.status === "needs_update").length,
+            missing: healthAfter.filter((h) => h.status === "missing").length,
+            corrupted: healthAfter.filter((h) => h.status === "corrupted").length
+        };
+        // Determine overall status
+        let status = "OK";
+        if (summaryAfter.missing > 0 || summaryAfter.corrupted > 0) {
+            status = "ERROR";
+        }
+        else if (summaryAfter.needsUpdate > 0) {
+            status = "NEEDS_UPDATE";
+        }
+        return {
+            status,
+            engines,
+            summary: summaryAfter
+        };
+    }
+    catch (e) {
+        return {
+            status: "ERROR",
+            engines: {},
+            summary: {
+                total: Object.keys(ENGINE_SPECS).length,
+                ok: 0,
+                needsUpdate: 0,
+                missing: Object.keys(ENGINE_SPECS).length,
+                corrupted: 0
+            },
+            error: e instanceof Error ? e.message : String(e)
+        };
+    }
+}
+/**
+ * Quick health check without triggering installation
+ */
+export async function healthCheck() {
+    const health = await getEngineHealth();
+    const allOk = health.every((h) => h.status === "ok");
+    return {
+        status: allOk ? "OK" : "NEEDS_ATTENTION",
+        engines: health
+    };
+}
+/**
+ * Check for available updates
+ */
+export async function checkForUpdates() {
+    const updates = await checkUpdates();
+    const hasUpdates = Object.values(updates).some((u) => u.needsUpdate);
+    const result = {};
+    for (const [name, info] of Object.entries(updates)) {
+        if (info.needsUpdate) {
+            result[name] = {
+                current: info.current,
+                required: info.required
+            };
+        }
+    }
+    return {
+        hasUpdates,
+        updates: result
+    };
+}
+/**
+ * Validate cache integrity
+ */
+export async function validateCacheIntegrity() {
+    const cacheStatus = await validateCache();
+    const valid = Object.values(cacheStatus).every((c) => c.valid);
+    return {
+        valid,
+        engines: cacheStatus
+    };
+}