npm - @wipcomputer/wip-ldm-os - Versions diffs - 0.4.79 → 0.4.81 - Mend

@wipcomputer/wip-ldm-os 0.4.79 → 0.4.81

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/SKILL.md +1 -1
package/bin/ldm.js +57 -0
package/lib/deploy.mjs +149 -3
package/package.json +2 -1
package/scripts/test-skill-frontmatter.mjs +44 -0

package/SKILL.md CHANGED Viewed

@@ -9,7 +9,7 @@ license: MIT
 compatibility: Requires git, npm, node. Node.js 18+.
 metadata:
   display-name: "LDM OS"
-  version: "0.4.79"
+  version: "0.4.81"
   homepage: "https://github.com/wipcomputer/wip-ldm-os"
   author: "Parker Todd Brooks"
   category: infrastructure

package/bin/ldm.js CHANGED Viewed

@@ -2892,6 +2892,63 @@ async function cmdDoctor() {
     cleanupStaleClaudeCodeEnv();
   }
+  // 3b. MCP health check (Phase 3c)
+  //
+  // Walk ~/.claude.json#mcpServers. For every entry whose command is node
+  // and whose first arg resolves under ~/.ldm/extensions/ or ~/.openclaw/
+  // extensions/, verify the file exists and parses. Report any that do not.
+  //
+  // This catches the failure mode where an extension renamed its MCP file,
+  // updated its deployed artifacts, but the old .claude.json entry still
+  // points at a path that was rotated into _trash. Surfacing these in
+  // doctor makes the class of failure loud instead of silent.
+  {
+    const ccUserPath = join(HOME, '.claude.json');
+    const ccUser = readJSON(ccUserPath);
+    const ldmExtRoot = LDM_EXTENSIONS;
+    const ocExtRoot = join(HOME, '.openclaw', 'extensions');
+    const broken = [];
+    if (ccUser?.mcpServers) {
+      for (const [name, cfg] of Object.entries(ccUser.mcpServers)) {
+        if (cfg?.command !== 'node') continue;
+        const args = Array.isArray(cfg.args) ? cfg.args : [];
+        const first = args[0];
+        if (!first || typeof first !== 'string') continue;
+        const underExt = first.startsWith(ldmExtRoot + '/') || first.startsWith(ocExtRoot + '/');
+        if (!underExt) continue;
+        if (!existsSync(first)) {
+          broken.push({ name, path: first, reason: 'missing' });
+          continue;
+        }
+        try {
+          execSync(`node --check "${first}"`, { stdio: 'pipe', timeout: 5000 });
+        } catch (e) {
+          const stderr = (e && e.stderr && e.stderr.toString && e.stderr.toString().trim()) || (e && e.message) || 'unparseable';
+          broken.push({ name, path: first, reason: 'unparseable', detail: stderr.split('\n')[0] });
+        }
+      }
+    }
+    if (broken.length > 0) {
+      for (const b of broken) {
+        const detail = b.detail ? ` (${b.detail})` : '';
+        console.log(`  ! MCP ${b.name}: ${b.reason} at ${b.path}${detail}`);
+      }
+      if (FIX_FLAG && ccUser?.mcpServers) {
+        for (const b of broken) {
+          delete ccUser.mcpServers[b.name];
+          console.log(`  + Removed dangling MCP: ${b.name}`);
+        }
+        writeFileSync(ccUserPath, JSON.stringify(ccUser, null, 2) + '\n');
+        // --fix resolved them, do not count as outstanding issues
+      } else {
+        console.log(`    Run: ldm doctor --fix to remove ${broken.length} dangling MCP entr${broken.length === 1 ? 'y' : 'ies'}`);
+        issues += broken.length;
+      }
+    } else if (ccUser?.mcpServers && Object.keys(ccUser.mcpServers).length > 0) {
+      console.log(`  + MCP entries under LDM/OC extensions: all paths exist and parse`);
+    }
+  }
   // 4. Check sacred locations
   const sacred = [
     { path: join(LDM_ROOT, 'memory'), label: 'memory/' },

package/lib/deploy.mjs CHANGED Viewed

@@ -59,6 +59,57 @@ function writeJSON(path, data) {
   writeFileSync(path, JSON.stringify(data, null, 2) + '\n');
 }
+export function validateSkillFrontmatter(path) {
+  let content;
+  try {
+    content = readFileSync(path, 'utf8');
+  } catch (e) {
+    return { ok: false, line: 1, message: `cannot read SKILL.md: ${e.message}` };
+  }
+  const lines = content.split(/\r?\n/);
+  if (lines[0] !== '---') {
+    return { ok: false, line: 1, message: 'SKILL.md must start with YAML frontmatter' };
+  }
+  let end = -1;
+  for (let i = 1; i < lines.length; i++) {
+    if (lines[i] === '---') {
+      end = i;
+      break;
+    }
+  }
+  if (end === -1) {
+    return { ok: false, line: 1, message: 'SKILL.md frontmatter is missing a closing --- marker' };
+  }
+  for (let i = 1; i < end; i++) {
+    const line = lines[i];
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith('#') || /^\s/.test(line)) continue;
+    const match = /^([A-Za-z0-9_-]+):(?:\s*(.*))?$/.exec(line);
+    if (!match) {
+      return { ok: false, line: i + 1, message: 'frontmatter line is not a simple key/value mapping' };
+    }
+    const value = match[2] || '';
+    const valueTrimmed = value.trimStart();
+    const first = valueTrimmed[0] || '';
+    const isQuoted = first === '"' || first === "'";
+    const isStructured = first === '[' || first === '{' || first === '|' || first === '>';
+    if (valueTrimmed.includes(': ') && !isQuoted && !isStructured) {
+      return {
+        ok: false,
+        line: i + 1,
+        message: 'value contains an unquoted colon; quote the scalar value',
+      };
+    }
+  }
+  return { ok: true };
+}
 function ensureBinExecutable(binNames) {
   try {
     const npmPrefix = execSync('npm config get prefix', { encoding: 'utf8' }).trim();
@@ -245,9 +296,17 @@ function buildSourceInfo(repoPath, pkg) {
     hasInfo = true;
   }
-  // If the repo path is inside ~/.ldm/tmp/, it was cloned from somewhere.
-  // Try to get the remote URL from git.
-  if (!source.repo) {
+  // If the repo path is itself a git working tree, trust its origin URL.
+  // Previously this ran git remote unconditionally, which walks up the
+  // directory tree. For npm-sourced installs extracted under ~/.ldm/tmp/
+  // (inside the tracked ~/.ldm repo), git happily returned the parent
+  // tracking repo's remote (wipcomputer/...-system-private) as the
+  // source for every extension. Registry source.repo was therefore
+  // unreliable. Now we only consult git if repoPath itself has a .git
+  // entry (directory for normal clones, file for worktrees). If it
+  // does not, we leave source.repo unset rather than capturing an
+  // ancestor's remote.
+  if (!source.repo && existsSync(join(repoPath, '.git'))) {
     try {
       const remote = execSync('git remote get-url origin 2>/dev/null', {
         cwd: repoPath,
@@ -882,6 +941,60 @@ function verifyOcConfig(pluginDirName) {
   }
 }
+/**
+ * Phase 3b: remove a stale MCP registration for an extension whose current
+ * source no longer exposes an MCP interface. Keyed on path, not source
+ * metadata (buildSourceInfo is known to capture the parent repo's remote
+ * when extraction lands inside another git working tree).
+ *
+ * Removes the entry from ~/.claude.json#mcpServers if the args path
+ * resolves under LDM_EXTENSIONS/<toolName> or OC_EXTENSIONS/<toolName>.
+ * No-op if no entry exists or the path points elsewhere.
+ */
+function unregisterStaleMCP(toolName) {
+  const ccUserPath = join(HOME, '.claude.json');
+  const ccUser = readJSON(ccUserPath);
+  const entry = ccUser?.mcpServers?.[toolName];
+  if (!entry) return;
+  const firstArg = Array.isArray(entry.args) ? entry.args[0] : null;
+  if (!firstArg || typeof firstArg !== 'string') return;
+  const ldmExt = join(LDM_EXTENSIONS, toolName);
+  const ocExt = join(OC_EXTENSIONS, toolName);
+  const pointsHere = firstArg.startsWith(ldmExt + '/') || firstArg.startsWith(ocExt + '/');
+  if (!pointsHere) return;
+  if (DRY_RUN) {
+    ok(`MCP: would unregister stale ${toolName} entry pointing at ${firstArg} (dry run)`);
+    return;
+  }
+  try {
+    execSync(`claude mcp remove ${toolName} --scope user`, { stdio: 'pipe' });
+    ok(`MCP: unregistered stale ${toolName} entry (source no longer exposes MCP)`);
+  } catch {
+    // Fallback: direct edit to ~/.claude.json
+    try {
+      const cfg = readJSON(ccUserPath) || {};
+      if (cfg.mcpServers && cfg.mcpServers[toolName]) {
+        delete cfg.mcpServers[toolName];
+        writeJSON(ccUserPath, cfg);
+        ok(`MCP: unregistered stale ${toolName} entry via direct .claude.json edit`);
+      }
+    } catch (e) {
+      log(`Warning: could not unregister stale MCP ${toolName}: ${e.message}`);
+    }
+  }
+  // Also clean OpenClaw side if installed.
+  try {
+    execSync(`openclaw mcp unset ${toolName}`, { stdio: 'pipe' });
+  } catch {
+    // Non-fatal. OpenClaw may not be installed, or may not have had this mcp.
+  }
+}
 function registerMCP(repoPath, door, toolName) {
   let rawName = toolName || door.name || basename(repoPath);
   // Strip /tmp/ clone prefixes (ldm-install-, wip-install-)
@@ -894,6 +1007,27 @@ function registerMCP(repoPath, door, toolName) {
     : existsSync(ldmFallbackPath) ? ldmFallbackPath
     : repoServerPath;
+  // Postcondition: the resolved entrypoint must exist and parse before we
+  // touch ~/.claude.json. Previously, if the published tarball did not
+  // contain the declared mcp-server file (see wip-1password 0.2.3-alpha.2
+  // bug writeup), we still wrote the registration and left a dangling
+  // "Failed to connect" entry that was invisible until the user ran
+  // `claude mcp list`. Fail loudly instead.
+  if (!existsSync(mcpPath)) {
+    fail(`MCP: ${name} registration aborted. Resolved path does not exist: ${mcpPath}`);
+    fail(`MCP: candidates checked: ${ldmServerPath}, ${ldmFallbackPath}, ${repoServerPath}`);
+    fail(`MCP: verify the published package includes "${door.file}" (check files array).`);
+    return false;
+  }
+  try {
+    execSync(`node --check "${mcpPath}"`, { stdio: 'pipe', timeout: 5000 });
+  } catch (e) {
+    const stderr = (e && e.stderr && e.stderr.toString && e.stderr.toString().trim()) || (e && e.message) || 'unknown error';
+    fail(`MCP: ${name} registration aborted. Entrypoint failed node --check: ${mcpPath}`);
+    fail(`MCP: ${stderr}`);
+    return false;
+  }
   // Check ~/.claude.json (user-level MCP)
   const ccUserPath = join(HOME, '.claude.json');
   const ccUser = readJSON(ccUserPath);
@@ -1112,6 +1246,12 @@ function installSkill(repoPath, toolName) {
   if (!existsSync(skillSrc) && existsSync(permanentSkill)) skillSrc = permanentSkill;
   if (!existsSync(skillSrc)) return false;
+  const frontmatter = validateSkillFrontmatter(skillSrc);
+  if (!frontmatter.ok) {
+    fail(`Skill: invalid SKILL.md frontmatter at ${skillSrc}:${frontmatter.line}: ${frontmatter.message}`);
+    return false;
+  }
   // Find references/ source: repo path first, then permanent copy
   let refsSrc = join(repoPath, 'references');
   const permanentRefs = join(LDM_EXTENSIONS, toolName, 'references');
@@ -1272,6 +1412,12 @@ export function installSingleTool(toolPath) {
     } else {
       skip(`MCP: ${toolName} not enabled. Run: ldm enable ${toolName}`);
     }
+  } else {
+    // Phase 3b: source no longer exposes an MCP interface (file renamed,
+    // moved to src/, removed, etc). If a prior install registered an MCP
+    // whose args point into this extension's directory, un-register it so
+    // claude mcp list does not keep a dangling "Failed to connect" entry.
+    unregisterStaleMCP(toolName);
   }
   if (interfaces.claudeCodeHook) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-ldm-os",
-  "version": "0.4.79",
+  "version": "0.4.81",
   "type": "module",
   "description": "LDM OS: identity, memory, and sovereignty infrastructure for AI agents",
   "engines": {
@@ -19,6 +19,7 @@
     "build:bridge": "cd src/bridge && npm install && npx tsup core.ts mcp-server.ts cli.ts openclaw.ts --format esm --dts --clean --outDir ../../dist/bridge",
     "build": "npm run build:bridge",
     "prepublishOnly": "npm run build:bridge",
+    "test:skill-frontmatter": "node scripts/test-skill-frontmatter.mjs",
     "fmt": "npx prettier --write 'src/**/*.{ts,mjs}' 'lib/**/*.mjs' 'bin/**/*.js'",
     "fmt:check": "npx prettier --check 'src/**/*.{ts,mjs}' 'lib/**/*.mjs' 'bin/**/*.js'"
   },

package/scripts/test-skill-frontmatter.mjs ADDED Viewed

@@ -0,0 +1,44 @@
+#!/usr/bin/env node
+import { mkdtempSync, writeFileSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { validateSkillFrontmatter } from '../lib/deploy.mjs';
+const dir = mkdtempSync(join(tmpdir(), 'ldm-skill-frontmatter-'));
+const bad = join(dir, 'bad-SKILL.md');
+const good = join(dir, 'good-SKILL.md');
+writeFileSync(bad, [
+  '---',
+  'name: bad',
+  'description: Read when: guard blocks a tool call',
+  '---',
+  '',
+  '# Bad',
+  '',
+].join('\n'));
+writeFileSync(good, [
+  '---',
+  'name: good',
+  'description: "Read when: guard blocks a tool call"',
+  '---',
+  '',
+  '# Good',
+  '',
+].join('\n'));
+const badResult = validateSkillFrontmatter(bad);
+if (badResult.ok) {
+  throw new Error('expected unquoted colon frontmatter to be rejected');
+}
+if (badResult.line !== 3) {
+  throw new Error(`expected failure on line 3, got line ${badResult.line}`);
+}
+const goodResult = validateSkillFrontmatter(good);
+if (!goodResult.ok) {
+  throw new Error(`expected quoted frontmatter to pass: ${goodResult.message}`);
+}
+console.log('skill frontmatter regression passed');