@vibekiln/cutline-mcp-cli 0.12.0 → 0.14.0

package/dist/servers/{chunk-RUCYK3TR.js → chunk-EWUELVO2.js}

@@ -3,6 +3,21 @@ import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
 import fs from "fs";
 import path from "path";
 import os from "os";
+
+// ../mcp/dist/mcp/src/auth-cache.js
+function buildTokenCredentialKey(refreshToken, environment) {
+  return `${environment ?? "production"}:${refreshToken}`;
+}
+function shouldReuseResolvedAuthCache(options) {
+  const now = options.now ?? Date.now();
+  if (!options.cachedIdToken || !options.cachedBaseUrl)
+    return false;
+  if (!options.tokenExpiresAt || now >= options.tokenExpiresAt)
+    return false;
+  return options.cachedCredentialKey === buildTokenCredentialKey(options.refreshToken, options.environment);
+}
+
+// ../mcp/dist/mcp/src/utils.js
 function decodeIdTokenLocally(idToken) {
   const parts = idToken.split(".");
   if (parts.length !== 3) {
@@ -162,34 +177,63 @@ function cleanupTokenCache() {
   }
   lastCleanup = now;
 }
-function getCachedToken(refreshToken) {
+function getCachedToken(refreshToken, environment) {
+  const cacheKey = buildTokenCredentialKey(refreshToken, environment);
   if (Date.now() - lastCleanup > CACHE_CLEANUP_INTERVAL) {
     cleanupTokenCache();
   }
-  const cached = tokenCache.get(refreshToken);
+  const cached = tokenCache.get(cacheKey);
   if (!cached) {
     return null;
   }
   if (Date.now() >= cached.expiresAt) {
-    tokenCache.delete(refreshToken);
+    tokenCache.delete(cacheKey);
     return null;
   }
   cached.lastUsed = Date.now();
-  tokenCache.delete(refreshToken);
-  tokenCache.set(refreshToken, cached);
+  tokenCache.delete(cacheKey);
+  tokenCache.set(cacheKey, cached);
   return cached.idToken;
 }
-function setCachedToken(refreshToken, idToken, expiresAt) {
+function setCachedToken(refreshToken, idToken, expiresAt, environment) {
+  const cacheKey = buildTokenCredentialKey(refreshToken, environment);
   if (tokenCache.size >= MAX_CACHE_SIZE) {
     cleanupTokenCache();
   }
-  tokenCache.delete(refreshToken);
-  tokenCache.set(refreshToken, {
+  tokenCache.delete(cacheKey);
+  tokenCache.set(cacheKey, {
     idToken,
     expiresAt,
     lastUsed: Date.now()
   });
 }
+function clearCachedAutoAuthState(options) {
+  if (!options?.refreshToken) {
+    tokenCache.clear();
+    cachedApiKey = null;
+    return;
+  }
+  tokenCache.delete(buildTokenCredentialKey(options.refreshToken, options.environment));
+}
+async function resolveStoredIdToken(options) {
+  const { refreshToken, environment, forceRefresh = false } = options;
+  if (!forceRefresh) {
+    const cached = getCachedToken(refreshToken, environment);
+    if (cached) {
+      return cached;
+    }
+  }
+  const apiKeyToUse = await getFirebaseApiKey(environment);
+  try {
+    const idToken = await exchangeRefreshToken(refreshToken, apiKeyToUse);
+    setCachedToken(refreshToken, idToken, Date.now() + 50 * 60 * 1e3, environment);
+    return idToken;
+  } catch (e) {
+    console.error("Token exchange failed:", e);
+    clearCachedAutoAuthState({ refreshToken, environment });
+    return void 0;
+  }
+}
 var cachedApiKey = null;
 var API_KEY_CACHE_TTL = 36e5;
 async function getFirebaseApiKey(environment) {
@@ -354,53 +398,82 @@ async function getStoredToken() {
   }
   return null;
 }
+function getForcedEnvironment() {
+  const raw = process.env.CUTLINE_ENV?.trim().toLowerCase();
+  if (raw === "staging")
+    return "staging";
+  if (raw === "production" || raw === "prod")
+    return "production";
+  return void 0;
+}
+function mergeEnvironmentOrThrow(resolved, sourceLabel) {
+  const forced = getForcedEnvironment();
+  if (!forced)
+    return resolved;
+  if (resolved && resolved !== forced) {
+    throw new McpError(ErrorCode.InvalidRequest, `Environment mismatch: CUTLINE_ENV=${forced} but ${sourceLabel} is ${resolved}. ` + `Run cutline-mcp login ${forced === "staging" ? "--staging" : ""}`.trim());
+  }
+  return forced;
+}
 async function requirePremiumWithAutoAuth(authToken) {
   let idToken = authToken;
-  let environment;
+  let environment = getForcedEnvironment();
+  let storedTokenInfo = null;
   if (!idToken) {
-    const storedTokenInfo = await getStoredToken();
-    environment = storedTokenInfo?.environment;
+    storedTokenInfo = await getStoredToken();
+    environment = mergeEnvironmentOrThrow(storedTokenInfo?.environment, "stored refresh token");
     if (storedTokenInfo) {
-      const { refreshToken } = storedTokenInfo;
-      const apiKeyToUse = await getFirebaseApiKey(environment || "production");
-      const cached = getCachedToken(refreshToken);
-      if (cached) {
-        idToken = cached;
-      } else {
-        try {
-          idToken = await exchangeRefreshToken(refreshToken, apiKeyToUse);
-          setCachedToken(refreshToken, idToken, Date.now() + 50 * 60 * 1e3);
-        } catch (e) {
-          console.error("Token exchange failed:", e);
-          tokenCache.delete(refreshToken);
-        }
-      }
+      idToken = await resolveStoredIdToken({
+        refreshToken: storedTokenInfo.refreshToken,
+        environment: environment || "production"
+      });
+    }
+  }
+  try {
+    return await requirePremium(idToken, environment);
+  } catch (error) {
+    if (!authToken && storedTokenInfo) {
+      clearCachedAutoAuthState({
+        refreshToken: storedTokenInfo.refreshToken,
+        environment: environment || "production"
+      });
+      const refreshedIdToken = await resolveStoredIdToken({
+        refreshToken: storedTokenInfo.refreshToken,
+        environment: environment || "production",
+        forceRefresh: true
+      });
+      return await requirePremium(refreshedIdToken, environment);
     }
+    throw error;
   }
-  return await requirePremium(idToken, environment);
 }
 async function requireAuthOnly(authToken) {
   let idToken = authToken;
+  let storedTokenInfo = null;
+  let environment;
   if (!idToken) {
-    const storedTokenInfo = await getStoredToken();
+    storedTokenInfo = await getStoredToken();
     if (storedTokenInfo) {
-      const { refreshToken, environment } = storedTokenInfo;
-      const apiKeyToUse = await getFirebaseApiKey(environment || "production");
-      const cached = getCachedToken(refreshToken);
-      if (cached) {
-        idToken = cached;
-      } else {
-        try {
-          idToken = await exchangeRefreshToken(refreshToken, apiKeyToUse);
-          setCachedToken(refreshToken, idToken, Date.now() + 50 * 60 * 1e3);
-        } catch (e) {
-          console.error("Token exchange failed:", e);
-          tokenCache.delete(refreshToken);
-        }
-      }
+      environment = mergeEnvironmentOrThrow(storedTokenInfo.environment, "stored refresh token");
+      idToken = await resolveStoredIdToken({
+        refreshToken: storedTokenInfo.refreshToken,
+        environment: environment || "production"
+      });
     }
   }
-  const decoded = await validateAuth(idToken);
+  let decoded = await validateAuth(idToken);
+  if (!decoded && !authToken && storedTokenInfo) {
+    clearCachedAutoAuthState({
+      refreshToken: storedTokenInfo.refreshToken,
+      environment: environment || "production"
+    });
+    const refreshedIdToken = await resolveStoredIdToken({
+      refreshToken: storedTokenInfo.refreshToken,
+      environment: environment || "production",
+      forceRefresh: true
+    });
+    decoded = await validateAuth(refreshedIdToken);
+  }
   if (!decoded) {
     throw new McpError(ErrorCode.InvalidRequest, "Authentication required. Run 'cutline-mcp login' to authenticate.");
   }
@@ -420,10 +493,59 @@ async function resolveAuthContextFree(authToken) {
 function getBaseUrl(environment) {
   return environment === "staging" ? "https://us-central1-cutline-staging.cloudfunctions.net" : "https://us-central1-cutline-prod.cloudfunctions.net";
 }
+var STAGING_UNSUFFIXED_FUNCTIONS = /* @__PURE__ */ new Set([
+  // Intentionally deployed without env suffix in staging.
+  "applyWikiEdits",
+  "mcpGenerateTokenG2",
+  "mcpSubscriptionStatus"
+]);
+function resolveFunctionEndpointName(functionName, environment) {
+  if (environment !== "staging")
+    return functionName;
+  if (STAGING_UNSUFFIXED_FUNCTIONS.has(functionName))
+    return functionName;
+  return `${functionName}-stg`;
+}
 function getSiteUrl(environment) {
   return environment === "staging" ? "https://cutline-staging.web.app" : "https://thecutline.ai";
 }
+function getAppApiBaseUrl(environment) {
+  const override = process.env.CUTLINE_APP_API_BASE_URL?.trim() || process.env.CUTLINE_SSR_BASE_URL?.trim() || process.env.SSR_BASE_URL?.trim();
+  if (override) {
+    return override.replace(/\/+$/, "");
+  }
+  return environment === "staging" ? "https://ssrcutlinestaging-vi2gngz52a-uc.a.run.app" : "https://ssrcutline-y74odqxy3q-uc.a.run.app";
+}
+function getForcedEnvironment2() {
+  const raw = process.env.CUTLINE_ENV?.trim().toLowerCase();
+  if (raw === "staging")
+    return "staging";
+  if (raw === "production" || raw === "prod")
+    return "production";
+  return void 0;
+}
+function mergeEnvironment(resolved, sourceLabel) {
+  const forced = getForcedEnvironment2();
+  if (!forced) {
+    return resolved || "production";
+  }
+  if (resolved && resolved !== forced) {
+    throw new Error(`Environment mismatch: CUTLINE_ENV=${forced} but ${sourceLabel} is ${resolved}. ` + `Run cutline-mcp login ${forced === "staging" ? "--staging" : ""}`.trim());
+  }
+  return forced;
+}
+var __dataClientInternals = {
+  getBaseUrl,
+  resolveFunctionEndpointName,
+  getSiteUrl,
+  getAppApiBaseUrl,
+  mergeEnvironment
+};
 async function getPublicSiteUrlForCurrentAuth() {
+  const forced = getForcedEnvironment2();
+  if (forced) {
+    return getSiteUrl(forced);
+  }
   const stored = await getStoredToken();
   if (stored?.environment) {
     return getSiteUrl(stored.environment);
@@ -436,7 +558,14 @@ async function getPublicSiteUrlForCurrentAuth() {
 }
 var cachedBaseUrl;
 var cachedIdToken;
+var cachedCredentialKey;
 var tokenExpiresAt = 0;
+function clearResolvedAuthCache() {
+  cachedBaseUrl = void 0;
+  cachedIdToken = void 0;
+  cachedCredentialKey = void 0;
+  tokenExpiresAt = 0;
+}
 var FIREBASE_API_KEY_CACHE = {};
 async function getFirebaseApiKey2(environment) {
   const envKey = process.env.FIREBASE_API_KEY || process.env.NEXT_PUBLIC_FIREBASE_API_KEY;
@@ -478,50 +607,76 @@ async function exchangeRefreshForId(refreshToken, environment) {
 async function resolveAuth() {
   const envApiKeyInfo = getStoredApiKey({ includeConfig: false });
   if (envApiKeyInfo) {
+    const env = mergeEnvironment(envApiKeyInfo.environment, "CUTLINE_API_KEY credentials");
     return {
-      baseUrl: getBaseUrl(envApiKeyInfo.environment),
-      idToken: envApiKeyInfo.apiKey
+      baseUrl: getBaseUrl(env),
+      idToken: envApiKeyInfo.apiKey,
+      environment: env
     };
   }
-  if (cachedIdToken && Date.now() < tokenExpiresAt && cachedBaseUrl) {
-    return { baseUrl: cachedBaseUrl, idToken: cachedIdToken };
-  }
   const stored = await getStoredToken();
   if (stored) {
-    const env = stored.environment || "production";
+    const env = mergeEnvironment(stored.environment, "stored refresh token");
+    const credentialKey = buildTokenCredentialKey(stored.refreshToken, env);
+    if (shouldReuseResolvedAuthCache({
+      cachedCredentialKey,
+      cachedIdToken,
+      cachedBaseUrl,
+      tokenExpiresAt,
+      refreshToken: stored.refreshToken,
+      environment: env
+    })) {
+      return { baseUrl: getBaseUrl(env), idToken: cachedIdToken, environment: env };
+    }
+    if (cachedCredentialKey && cachedCredentialKey !== credentialKey) {
+      clearResolvedAuthCache();
+    }
     const baseUrl = getBaseUrl(env);
     const idToken = await exchangeRefreshForId(stored.refreshToken, env);
     cachedBaseUrl = baseUrl;
     cachedIdToken = idToken;
+    cachedCredentialKey = credentialKey;
     tokenExpiresAt = Date.now() + 50 * 60 * 1e3;
-    return { baseUrl, idToken };
+    return { baseUrl, idToken, environment: env };
+  }
+  if (cachedCredentialKey) {
+    clearResolvedAuthCache();
   }
   const configApiKeyInfo = getStoredApiKey();
   if (configApiKeyInfo) {
+    const env = mergeEnvironment(configApiKeyInfo.environment, "stored API key");
     return {
-      baseUrl: getBaseUrl(configApiKeyInfo.environment),
-      idToken: configApiKeyInfo.apiKey
+      baseUrl: getBaseUrl(env),
+      idToken: configApiKeyInfo.apiKey,
+      environment: env
     };
   }
   throw new Error("Not authenticated. Run 'cutline-mcp login' or set CUTLINE_API_KEY.");
 }
+async function performAuthedRequest(makeRequest) {
+  let auth = await resolveAuth();
+  let response = await makeRequest(auth);
+  if (response.status === 401) {
+    clearResolvedAuthCache();
+    auth = await resolveAuth();
+    response = await makeRequest(auth);
+  }
+  return response;
+}
 async function proxy(action, params = {}) {
-  const { baseUrl, idToken } = await resolveAuth();
-  const res = await fetch(`${baseUrl}/mcpDataProxy`, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      Authorization: `Bearer ${idToken}`
-    },
-    body: JSON.stringify({ action, params }),
-    signal: AbortSignal.timeout(3e4)
+  const res = await performAuthedRequest(async ({ baseUrl, idToken, environment }) => {
+    const endpoint = resolveFunctionEndpointName("mcpDataProxy", environment);
+    return fetch(`${baseUrl}/${endpoint}`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${idToken}`
+      },
+      body: JSON.stringify({ action, params }),
+      signal: AbortSignal.timeout(3e4)
+    });
   });
   if (!res.ok) {
-    if (res.status === 401) {
-      cachedIdToken = void 0;
-      tokenExpiresAt = 0;
-      throw new Error("Authentication expired \u2014 retrying on next call");
-    }
     const body = await res.text().catch(() => "");
     throw new Error(`mcpDataProxy ${action} failed (${res.status}): ${body.slice(0, 200)}`);
   }
@@ -569,6 +724,30 @@ async function listExplorationSessions(collection, limit) {
   const res = await proxy("exploration.list", { collection, limit });
   return res.docs;
 }
+async function listEngagements(opts) {
+  const res = await proxy("engagement.list", opts || {});
+  return res.docs;
+}
+async function getEngagement(id) {
+  const res = await proxy("engagement.get", { id });
+  return res.doc;
+}
+async function createEngagement(data) {
+  return proxy("engagement.create", data);
+}
+async function updateEngagement(id, data) {
+  return proxy("engagement.update", { id, ...data });
+}
+async function attachDeepDiveToEngagement(engagementId, deepDiveId) {
+  return proxy("engagement.attachDeepDive", { engagementId, deepDiveId });
+}
+async function summarizeEngagement(id) {
+  const res = await proxy("engagement.summarize", { id });
+  return res.doc;
+}
+async function selectEngagementProduct(id, primaryProductId) {
+  return proxy("engagement.selectProduct", { id, primaryProductId });
+}
 async function getAllEntities(productId) {
   const res = await proxy("graph.getEntities", { productId });
   return res.docs.map((d) => ({ ...d, ingested_at: new Date(d.ingested_at?._seconds ? d.ingested_at._seconds * 1e3 : d.ingested_at) }));
@@ -846,44 +1025,60 @@ async function getPersona(personaId) {
   return res.doc;
 }
 async function callCF(functionName, body, timeoutMs = 6e4) {
-  const { baseUrl, idToken } = await resolveAuth();
-  const res = await fetch(`${baseUrl}/${functionName}`, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      Authorization: `Bearer ${idToken}`
-    },
-    body: JSON.stringify(body),
-    signal: AbortSignal.timeout(timeoutMs)
+  const res = await performAuthedRequest(async ({ baseUrl, idToken, environment }) => {
+    const endpoint = resolveFunctionEndpointName(functionName, environment);
+    return fetch(`${baseUrl}/${endpoint}`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${idToken}`
+      },
+      body: JSON.stringify(body),
+      signal: AbortSignal.timeout(timeoutMs)
+    });
   });
   if (!res.ok) {
-    if (res.status === 401) {
-      cachedIdToken = void 0;
-      tokenExpiresAt = 0;
-    }
     const text = await res.text().catch(() => "");
     throw new Error(`CF ${functionName} failed (${res.status}): ${text.slice(0, 300)}`);
   }
   return res.json();
 }
 async function callCFGet(functionName, query, timeoutMs = 3e4) {
-  const { baseUrl, idToken } = await resolveAuth();
-  const qs = new URLSearchParams(query).toString();
-  const res = await fetch(`${baseUrl}/${functionName}?${qs}`, {
-    method: "GET",
-    headers: { Authorization: `Bearer ${idToken}` },
-    signal: AbortSignal.timeout(timeoutMs)
+  const res = await performAuthedRequest(async ({ baseUrl, idToken, environment }) => {
+    const endpoint = resolveFunctionEndpointName(functionName, environment);
+    const qs = new URLSearchParams(query).toString();
+    return fetch(`${baseUrl}/${endpoint}?${qs}`, {
+      method: "GET",
+      headers: { Authorization: `Bearer ${idToken}` },
+      signal: AbortSignal.timeout(timeoutMs)
+    });
   });
   if (!res.ok) {
-    if (res.status === 401) {
-      cachedIdToken = void 0;
-      tokenExpiresAt = 0;
-    }
     const text = await res.text().catch(() => "");
     throw new Error(`CF ${functionName} failed (${res.status}): ${text.slice(0, 300)}`);
   }
   return res.json();
 }
+async function callAppApi(apiPath, body, timeoutMs = 12e4) {
+  const normalizedPath = apiPath.startsWith("/") ? apiPath : `/${apiPath}`;
+  const response = await performAuthedRequest(async ({ idToken, environment }) => {
+    const appBaseUrl = getAppApiBaseUrl(environment);
+    return fetch(`${appBaseUrl}${normalizedPath}`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${idToken}`
+      },
+      body: JSON.stringify(body),
+      signal: AbortSignal.timeout(timeoutMs)
+    });
+  });
+  if (!response.ok) {
+    const text = await response.text().catch(() => "");
+    throw new Error(`API ${normalizedPath} failed (${response.status}): ${text.slice(0, 300)}`);
+  }
+  return response.json();
+}
 async function cfGenerateTrialRun(prompt) {
   const res = await callCF("trialRun", { prompt });
   return res.text;
@@ -923,6 +1118,9 @@ async function cfPremortemRun(input) {
 async function cfPremortemStart(input) {
   return callCF("premortemStart", input, 3e4);
 }
+async function cfPremortemStatus(jobId) {
+  return callCFGet("premortemStatus", { id: jobId }, 3e4);
+}
 async function cfPremortemKick(jobId) {
   return callCF("premortemKick", { id: jobId }, 6e5);
 }
@@ -1017,6 +1215,41 @@ async function getPodcastIntroductions(productId, format = "json") {
   }
   return { format: "json", participants: introductions };
 }
+async function upsertSlopburnRun(runId, data) {
+  return proxy("slopburn.upsertRun", { runId, data });
+}
+async function getSlopburnRun(runId) {
+  const res = await proxy("slopburn.getRun", { runId });
+  return res.doc;
+}
+async function listSlopburnRuns(limit = 20) {
+  const res = await proxy("slopburn.listRuns", { limit });
+  return res.docs;
+}
+async function getGeneratedTestArtifactBundle(artifactBundleId) {
+  const res = await proxy("verification.getGeneratedTestArtifactBundle", { artifactBundleId });
+  return res.doc;
+}
+async function enqueueVerificationCycleJob(input) {
+  return proxy("verification.enqueueCycleJob", input);
+}
+async function getVerificationCycleJob(jobId) {
+  const res = await proxy("verification.getCycleJob", { jobId });
+  return res.doc;
+}
+async function getVerificationTestExecutionJob(jobId) {
+  const res = await proxy("verification.getTestExecutionJob", { jobId });
+  return res.doc;
+}
+async function submitVerificationTestExecution(input) {
+  return proxy("verification.submitTestExecution", input);
+}
+async function runVerificationCycle(input) {
+  return callAppApi("/api/verification/cycle", input, 6e5);
+}
+async function ingestVerificationIntent(input) {
+  return callAppApi("/api/verification/ingest-intent", input, 12e4);
+}
 
 export {
   validateRequestSize,
@@ -1027,6 +1260,7 @@ export {
   getStoredInstallId,
   requirePremiumWithAutoAuth,
   resolveAuthContextFree,
+  __dataClientInternals,
   getPublicSiteUrlForCurrentAuth,
   listPremortems,
   getPremortem,
@@ -1040,6 +1274,13 @@ export {
   getExplorationSession,
   updateExplorationSession,
   listExplorationSessions,
+  listEngagements,
+  getEngagement,
+  createEngagement,
+  updateEngagement,
+  attachDeepDiveToEngagement,
+  summarizeEngagement,
+  selectEngagementProduct,
   getAllEntities,
   upsertEntities,
   addEntity,
@@ -1096,6 +1337,7 @@ export {
   cfApplyEdits,
   cfPremortemRun,
   cfPremortemStart,
+  cfPremortemStatus,
   cfPremortemKick,
   cfPremortemChatAgent,
   cfRegenAssumptions,
@@ -1105,5 +1347,15 @@ export {
   cfExplorationAgent,
   cfConsultingDiscoveryAgent,
   cfCreateLinearIssues,
-  getPodcastIntroductions
+  getPodcastIntroductions,
+  upsertSlopburnRun,
+  getSlopburnRun,
+  listSlopburnRuns,
+  getGeneratedTestArtifactBundle,
+  enqueueVerificationCycleJob,
+  getVerificationCycleJob,
+  getVerificationTestExecutionJob,
+  submitVerificationTestExecution,
+  runVerificationCycle,
+  ingestVerificationIntent
 };