account-pool-mcp 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Ankit Sachdeva
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,69 @@
+# account-pool-mcp
+
+An MCP server that hands out test accounts to agent sessions one at a time, so two sessions never
+end up logged into the same account.
+
+## The problem
+
+When you run several agent sessions at once — say a few Claude sessions each driving their own
+Playwright browser — they all need to log in, and left alone they'll grab the same test account and
+step on each other. Two sessions on one account corrupt each other's state and your test results
+become meaningless. Picking a random account doesn't really help either: with 10 accounts and 5
+sessions, a collision is already more likely than not.
+
+The fix is to lease accounts. A session checks one out, uses it, and returns it. While it's checked
+out, no one else can be handed it.
+
+## How it works
+
+The server keeps a pool of accounts in a small SQLite database and gives them out one at a time.
+Allocation happens inside a `BEGIN IMMEDIATE` transaction, so even if several sessions ask at the
+exact same moment, they can't be handed the same account. Each lease has a TTL, so if a session
+crashes without returning its account, it gets reclaimed automatically — there's nothing to clean up.
+
+All of this happens in the background. The agent just asks for an account when it needs one; the
+broker decides which one it gets and guarantees no one else has it. There's no shared parent process
+— unrelated sessions coordinate purely through the database file.
+
+## Tools
+
+- `lease_account(pool, holder?)` — check out an account. Returns the account, its credentials, and a
+  `lease_token`. Hold it until you're done.
+- `release_account(lease_token)` — give it back. Idempotent.
+- `renew_lease(lease_token)` — extend the lease if your work runs long (a heartbeat).
+- `pool_status(pool?)` — what's leased vs. free. Never returns credential values.
+
+There's also a small `account-pool` CLI (`lease` / `release` / `renew` / `status`) over the same
+database, for scripts and humans.
+
+## Setup
+
+```bash
+cp examples/accounts.example.json accounts.json     # define your pools
+# then register the server with your MCP client — see examples/claude-mcp-config.json
+```
+
+Point every session's `APM_DB_PATH` at the same file — that shared file is how they coordinate.
+
+| Env var | Default | What it does |
+|---|---|---|
+| `APM_ACCOUNTS_FILE` | `./accounts.json` | Pools + accounts to load on startup. |
+| `APM_DB_PATH` | `./account-pool.db` | The SQLite file. Same path for every session. |
+| `APM_DEFAULT_TTL_SECONDS` | `1800` | How long a lease lasts before it's reclaimable. |
+| `APM_LEASE_WAIT_MS` | `0` | `0` = fail fast when the pool is empty; `>0` = wait this long for one to free up. |
+
+A credential value can be `{ "env": "VAR_NAME" }` instead of a literal, so real secrets stay in the
+environment and out of the accounts file.
+
+## Security
+
+These are test accounts, not a secrets vault. Credential values are never logged or returned by
+`pool_status` — a redacting logger masks them, and all logs go to stderr so they can't corrupt the
+MCP stream. Keep `accounts.json` and `*.db` out of git (only the `.example` files are committed). The
+stdio server trusts whoever runs it locally, so don't point it at production credentials.
+
+## Limitations
+
+Single host for now: coordination is through one SQLite file, so all sessions have to share a
+filesystem. The storage layer is isolated behind one module, so a Postgres or Redis backend could
+swap in later for multi-host coordination without changing the tools.

package/dist/bootstrap.d.ts

@@ -0,0 +1,10 @@
+import { type Db } from './db.js';
+import { AccountPool } from './pool.js';
+import type { AppConfig } from './types.js';
+export interface Booted {
+    db: Db;
+    pool: AccountPool;
+}
+export declare function bootstrap(config: AppConfig, opts?: {
+    quiet?: boolean;
+}): Booted;

package/dist/bootstrap.js

@@ -0,0 +1,28 @@
+// Shared startup: open the DB, seed accounts (idempotent), optionally reset leases, build the pool.
+// Used by both the MCP server entry (index.ts) and the CLI face (cli.ts) so they share one DB.
+import { loadSeed } from './config.js';
+import { openDb, resetLeases, seedAccounts } from './db.js';
+import { logger } from './logger.js';
+import { AccountPool } from './pool.js';
+export function bootstrap(config, opts = {}) {
+    const db = openDb(config.dbPath);
+    if (config.resetLeases) {
+        const cleared = resetLeases(db);
+        if (!opts.quiet)
+            logger.info('reset-leases: cleared lease state', { cleared });
+    }
+    const seed = loadSeed(config.accountsFile);
+    if (seed) {
+        const n = seedAccounts(db, seed);
+        if (!opts.quiet)
+            logger.info('seeded accounts (idempotent upsert)', { count: n });
+    }
+    else if (!opts.quiet) {
+        logger.warn('no accounts file found — pools will be empty', {
+            accountsFile: config.accountsFile,
+        });
+    }
+    const pool = new AccountPool({ db, defaultTtlSeconds: config.defaultTtlSeconds });
+    return { db, pool };
+}
+//# sourceMappingURL=bootstrap.js.map

package/dist/bootstrap.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../src/bootstrap.ts"],"names":[],"mappings":"AAAA,oGAAoG;AACpG,+FAA+F;AAE/F,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAW,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACrE,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAQxC,MAAM,UAAU,SAAS,CAAC,MAAiB,EAAE,OAA4B,EAAE;IACzE,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAEjC,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;QACvB,MAAM,OAAO,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAChC,IAAI,CAAC,IAAI,CAAC,KAAK;YAAE,MAAM,CAAC,IAAI,CAAC,mCAAmC,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;IACjF,CAAC;IAED,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAC3C,IAAI,IAAI,EAAE,CAAC;QACT,MAAM,CAAC,GAAG,YAAY,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QACjC,IAAI,CAAC,IAAI,CAAC,KAAK;YAAE,MAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC;IACpF,CAAC;SAAM,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QACvB,MAAM,CAAC,IAAI,CAAC,8CAA8C,EAAE;YAC1D,YAAY,EAAE,MAAM,CAAC,YAAY;SAClC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,WAAW,CAAC,EAAE,EAAE,EAAE,iBAAiB,EAAE,MAAM,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAClF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;AACtB,CAAC"}

package/dist/cli.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/cli.js

@@ -0,0 +1,126 @@
+#!/usr/bin/env node
+// account-pool — CLI face for the same broker. Lets shell scripts and humans lease/release/renew/
+// status against the SAME SQLite database the MCP server uses (no MCP round-trip). This is what an
+// existing auth script shells out to so account assignment becomes an invisible step.
+//
+//   account-pool lease <pool> [--holder h] [--ttl secs] [--wait-ms ms] [--json] [--field key]
+//   account-pool release <lease_token>
+//   account-pool renew <lease_token> [--ttl secs]
+//   account-pool status [pool] [--json]
+import { bootstrap } from './bootstrap.js';
+import { loadConfig, parseArgs } from './config.js';
+import { PoolExhaustedError } from './types.js';
+function out(s) {
+    process.stdout.write(`${s}\n`);
+}
+async function main() {
+    const [, , sub, ...rest] = process.argv;
+    // positional args (before any --flag) and flags, parsed separately
+    const positionals = rest.filter((a) => !a.startsWith('--'));
+    const flags = parseArgs(rest);
+    const config = loadConfig(rest);
+    const { pool } = bootstrap(config, { quiet: true });
+    switch (sub) {
+        case 'lease': {
+            const poolName = positionals[0];
+            if (!poolName) {
+                out('usage: account-pool lease <pool> [--holder h] [--ttl secs] [--wait-ms ms] [--json] [--field key]');
+                return 2;
+            }
+            try {
+                const result = await pool.acquire({
+                    pool: poolName,
+                    holder: typeof flags.holder === 'string' ? flags.holder : undefined,
+                    ttlSeconds: typeof flags.ttl === 'string' ? Number.parseInt(flags.ttl, 10) : undefined,
+                    waitMs: typeof flags['wait-ms'] === 'string'
+                        ? Number.parseInt(flags['wait-ms'], 10)
+                        : config.leaseWaitMs,
+                });
+                if (typeof flags.field === 'string') {
+                    const v = result.credentials[flags.field];
+                    if (v === undefined) {
+                        process.stderr.write(`credential field "${flags.field}" not present on ${result.account_id}\n`);
+                        return 4;
+                    }
+                    out(String(v));
+                }
+                else if (flags.json) {
+                    out(JSON.stringify(result));
+                }
+                else {
+                    out(`account_id=${result.account_id}`);
+                    out(`lease_token=${result.lease_token}`);
+                    out(`expires_at=${result.expires_at}`);
+                    for (const [k, v] of Object.entries(result.credentials))
+                        out(`${k}=${v}`);
+                }
+                return 0;
+            }
+            catch (err) {
+                if (err instanceof PoolExhaustedError) {
+                    process.stderr.write(`${err.message}\n`);
+                    return 3;
+                }
+                throw err;
+            }
+        }
+        case 'release': {
+            const token = positionals[0];
+            if (!token) {
+                out('usage: account-pool release <lease_token>');
+                return 2;
+            }
+            const result = pool.release(token);
+            out(flags.json
+                ? JSON.stringify(result)
+                : `released=${result.released}${result.account_id ? ` account_id=${result.account_id}` : ''}`);
+            return 0;
+        }
+        case 'renew': {
+            const token = positionals[0];
+            if (!token) {
+                out('usage: account-pool renew <lease_token> [--ttl secs]');
+                return 2;
+            }
+            const result = pool.renew(token, typeof flags.ttl === 'string' ? Number.parseInt(flags.ttl, 10) : undefined);
+            out(flags.json
+                ? JSON.stringify(result)
+                : `renewed=${result.renewed}${result.expires_at ? ` expires_at=${result.expires_at}` : ''}`);
+            return result.renewed ? 0 : 5;
+        }
+        case 'status': {
+            const pools = pool.status(positionals[0]);
+            if (flags.json) {
+                out(JSON.stringify(pools, null, 2));
+            }
+            else {
+                for (const p of pools) {
+                    out(`# ${p.pool}: ${p.available}/${p.total} available, ${p.leased} leased`);
+                    for (const a of p.accounts) {
+                        const tail = a.state === 'leased'
+                            ? `  held by ${a.holder} until ${new Date((a.expires_at ?? 0) * 1000).toISOString()}`
+                            : a.state === 'expired'
+                                ? `  (expired; reclaimable — was ${a.holder})`
+                                : '';
+                        out(`  ${a.account_id.padEnd(16)} ${a.state}${tail}`);
+                    }
+                }
+            }
+            return 0;
+        }
+        default:
+            out('usage: account-pool <lease|release|renew|status> ...');
+            out('  account-pool lease <pool> [--holder h] [--ttl secs] [--wait-ms ms] [--json] [--field key]');
+            out('  account-pool release <lease_token>');
+            out('  account-pool renew <lease_token> [--ttl secs]');
+            out('  account-pool status [pool] [--json]');
+            return sub ? 2 : 0;
+    }
+}
+main()
+    .then((code) => process.exit(code))
+    .catch((err) => {
+    process.stderr.write(`error: ${err.message}\n`);
+    process.exit(1);
+});
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,kGAAkG;AAClG,mGAAmG;AACnG,sFAAsF;AACtF,EAAE;AACF,8FAA8F;AAC9F,uCAAuC;AACvC,kDAAkD;AAClD,wCAAwC;AAExC,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAEhD,SAAS,GAAG,CAAC,CAAS;IACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACjC,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,CAAC,EAAE,AAAD,EAAG,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IACxC,mEAAmE;IACnE,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;IAC5D,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IAC9B,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;IAChC,MAAM,EAAE,IAAI,EAAE,GAAG,SAAS,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAEpD,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,QAAQ,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;YAChC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,GAAG,CACD,kGAAkG,CACnG,CAAC;gBACF,OAAO,CAAC,CAAC;YACX,CAAC;YACD,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;oBAChC,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;oBACnE,UAAU,EAAE,OAAO,KAAK,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS;oBACtF,MAAM,EACJ,OAAO,KAAK,CAAC,SAAS,CAAC,KAAK,QAAQ;wBAClC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC;wBACvC,CAAC,CAAC,MAAM,CAAC,WAAW;iBACzB,CAAC,CAAC;gBACH,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACpC,MAAM,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;oBAC1C,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;wBACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,qBAAqB,KAAK,CAAC,KAAK,oBAAoB,MAAM,CAAC,UAAU,IAAI,CAC1E,CAAC;wBACF,OAAO,CAAC,CAAC;oBACX,CAAC;oBACD,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;gBACjB,CAAC;qBAAM,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;oBACtB,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC9B,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,cAAc,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;oBACvC,GAAG,CAAC,eAAe,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;oBACzC,GAAG,CAAC,cAAc,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;oBACvC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC;wBAAE,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC5E,CAAC;gBACD,OAAO,CAAC,CAAC;YACX,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,GAAG,YAAY,kBAAkB,EAAE,CAAC;oBACtC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC;oBACzC,OAAO,CAAC,CAAC;gBACX,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,KAAK,SAAS,CAAC,CAAC,CAAC;YACf,MAAM,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;YAC7B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,GAAG,CAAC,2CAA2C,CAAC,CAAC;gBACjD,OAAO,CAAC,CAAC;YACX,CAAC;YACD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YACnC,GAAG,CACD,KAAK,CAAC,IAAI;gBACR,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;gBACxB,CAAC,CAAC,YAAY,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,eAAe,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAChG,CAAC;YACF,OAAO,CAAC,CAAC;QACX,CAAC;QAED,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;YAC7B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,GAAG,CAAC,sDAAsD,CAAC,CAAC;gBAC5D,OAAO,CAAC,CAAC;YACX,CAAC;YACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CACvB,KAAK,EACL,OAAO,KAAK,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAC3E,CAAC;YACF,GAAG,CACD,KAAK,CAAC,IAAI;gBACR,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;gBACxB,CAAC,CAAC,WAAW,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,eAAe,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAC9F,CAAC;YACF,OAAO,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAChC,CAAC;QAED,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1C,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;gBACf,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YACtC,CAAC;iBAAM,CAAC;gBACN,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;oBACtB,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,KAAK,eAAe,CAAC,CAAC,MAAM,SAAS,CAAC,CAAC;oBAC5E,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;wBAC3B,MAAM,IAAI,GACR,CAAC,CAAC,KAAK,KAAK,QAAQ;4BAClB,CAAC,CAAC,aAAa,CAAC,CAAC,MAAM,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE;4BACrF,CAAC,CAAC,CAAC,CAAC,KAAK,KAAK,SAAS;gCACrB,CAAC,CAAC,iCAAiC,CAAC,CAAC,MAAM,GAAG;gCAC9C,CAAC,CAAC,EAAE,CAAC;wBACX,GAAG,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,KAAK,GAAG,IAAI,EAAE,CAAC,CAAC;oBACxD,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO,CAAC,CAAC;QACX,CAAC;QAED;YACE,GAAG,CAAC,sDAAsD,CAAC,CAAC;YAC5D,GAAG,CACD,6FAA6F,CAC9F,CAAC;YACF,GAAG,CAAC,sCAAsC,CAAC,CAAC;YAC5C,GAAG,CAAC,iDAAiD,CAAC,CAAC;YACvD,GAAG,CAAC,uCAAuC,CAAC,CAAC;YAC7C,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvB,CAAC;AACH,CAAC;AAED,IAAI,EAAE;KACH,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KAClC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAW,GAAa,CAAC,OAAO,IAAI,CAAC,CAAC;IAC3D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/config.d.ts

@@ -0,0 +1,12 @@
+import type { AppConfig, Credentials, PoolsSeed, ResolvedCredentials } from './types.js';
+/** Minimal `--flag value` / `--flag` parser (no dependency). */
+export declare function parseArgs(argv: string[]): Record<string, string | boolean>;
+/** Build the runtime config from CLI flags (highest precedence) then env then defaults. */
+export declare function loadConfig(argv?: string[], env?: NodeJS.ProcessEnv): AppConfig;
+/** Load + shape-validate the accounts seed file. Returns `null` if the file is absent. */
+export declare function loadSeed(accountsFile: string): PoolsSeed | null;
+/**
+ * Resolve credential env-indirection at lease time. A value `{ env: "X" }` becomes
+ * `process.env.X`; a missing env var is a clear, actionable error (never a silent empty string).
+ */
+export declare function resolveCredentials(credentials: Credentials, accountId: string, env?: NodeJS.ProcessEnv): ResolvedCredentials;

package/dist/config.js

@@ -0,0 +1,115 @@
+// Configuration: env vars, CLI flags, the accounts seed file, and credential env-indirection.
+import { readFileSync } from 'node:fs';
+import { resolve } from 'node:path';
+const DEFAULTS = {
+    dbPath: './account-pool.db',
+    accountsFile: './accounts.json',
+    defaultTtlSeconds: 1800,
+    leaseWaitMs: 0,
+};
+/** Minimal `--flag value` / `--flag` parser (no dependency). */
+export function parseArgs(argv) {
+    const args = {};
+    for (let i = 0; i < argv.length; i++) {
+        const cur = argv[i];
+        if (!cur?.startsWith('--'))
+            continue;
+        const key = cur.slice(2);
+        const next = argv[i + 1];
+        if (next !== undefined && !next.startsWith('--')) {
+            args[key] = next;
+            i++;
+        }
+        else {
+            args[key] = true;
+        }
+    }
+    return args;
+}
+function intEnv(env, name, fallback) {
+    const raw = env[name];
+    if (raw === undefined || raw === '')
+        return fallback;
+    const n = Number.parseInt(raw, 10);
+    if (Number.isNaN(n) || n < 0) {
+        throw new Error(`Invalid ${name}="${raw}" — expected a non-negative integer.`);
+    }
+    return n;
+}
+/** Build the runtime config from CLI flags (highest precedence) then env then defaults. */
+export function loadConfig(argv = process.argv.slice(2), env = process.env) {
+    const flags = parseArgs(argv);
+    const flagStr = (k) => (typeof flags[k] === 'string' ? flags[k] : undefined);
+    return {
+        dbPath: flagStr('db') ?? env.APM_DB_PATH ?? DEFAULTS.dbPath,
+        accountsFile: flagStr('accounts') ?? env.APM_ACCOUNTS_FILE ?? DEFAULTS.accountsFile,
+        defaultTtlSeconds: intEnv(env, 'APM_DEFAULT_TTL_SECONDS', DEFAULTS.defaultTtlSeconds),
+        leaseWaitMs: intEnv(env, 'APM_LEASE_WAIT_MS', DEFAULTS.leaseWaitMs),
+        resetLeases: flags['reset-leases'] === true,
+    };
+}
+/** Load + shape-validate the accounts seed file. Returns `null` if the file is absent. */
+export function loadSeed(accountsFile) {
+    let raw;
+    try {
+        raw = readFileSync(resolve(accountsFile), 'utf8');
+    }
+    catch (err) {
+        if (err.code === 'ENOENT')
+            return null;
+        throw err;
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch (err) {
+        throw new Error(`Accounts file ${accountsFile} is not valid JSON: ${err.message}`);
+    }
+    const pools = parsed?.pools;
+    if (!pools || typeof pools !== 'object') {
+        throw new Error(`Accounts file ${accountsFile} must have a top-level "pools" object.`);
+    }
+    const seen = new Set();
+    for (const [pool, accounts] of Object.entries(pools)) {
+        if (!Array.isArray(accounts)) {
+            throw new Error(`Pool "${pool}" in ${accountsFile} must be an array of accounts.`);
+        }
+        for (const acc of accounts) {
+            if (!acc?.id || typeof acc.id !== 'string') {
+                throw new Error(`An account in pool "${pool}" is missing a string "id".`);
+            }
+            if (seen.has(acc.id)) {
+                throw new Error(`Duplicate account id "${acc.id}" in ${accountsFile} — ids must be unique.`);
+            }
+            seen.add(acc.id);
+            if (!acc.credentials || typeof acc.credentials !== 'object') {
+                throw new Error(`Account "${acc.id}" is missing a "credentials" object.`);
+            }
+        }
+    }
+    return parsed;
+}
+/**
+ * Resolve credential env-indirection at lease time. A value `{ env: "X" }` becomes
+ * `process.env.X`; a missing env var is a clear, actionable error (never a silent empty string).
+ */
+export function resolveCredentials(credentials, accountId, env = process.env) {
+    const out = {};
+    for (const [key, value] of Object.entries(credentials)) {
+        if (value && typeof value === 'object' && 'env' in value) {
+            const envName = value.env;
+            const resolved = env[envName];
+            if (resolved === undefined || resolved === '') {
+                throw new Error(`Account "${accountId}" credential "${key}" requires environment variable ` +
+                    `"${envName}", which is not set. Export it before leasing.`);
+            }
+            out[key] = resolved;
+        }
+        else {
+            out[key] = value;
+        }
+    }
+    return out;
+}
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,8FAA8F;AAE9F,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC,MAAM,QAAQ,GAAG;IACf,MAAM,EAAE,mBAAmB;IAC3B,YAAY,EAAE,iBAAiB;IAC/B,iBAAiB,EAAE,IAAI;IACvB,WAAW,EAAE,CAAC;CACf,CAAC;AAEF,gEAAgE;AAChE,MAAM,UAAU,SAAS,CAAC,IAAc;IACtC,MAAM,IAAI,GAAqC,EAAE,CAAC;IAClD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,IAAI,CAAC;YAAE,SAAS;QACrC,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACzB,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACzB,IAAI,IAAI,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACjD,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;YACjB,CAAC,EAAE,CAAC;QACN,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;QACnB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,MAAM,CAAC,GAAsB,EAAE,IAAY,EAAE,QAAgB;IACpE,MAAM,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;IACtB,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,EAAE;QAAE,OAAO,QAAQ,CAAC;IACrD,MAAM,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACnC,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,WAAW,IAAI,KAAK,GAAG,sCAAsC,CAAC,CAAC;IACjF,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,2FAA2F;AAC3F,MAAM,UAAU,UAAU,CACxB,OAAiB,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EACtC,MAAyB,OAAO,CAAC,GAAG;IAEpC,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IAC9B,MAAM,OAAO,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAE,KAAK,CAAC,CAAC,CAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAEjG,OAAO;QACL,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,WAAW,IAAI,QAAQ,CAAC,MAAM;QAC3D,YAAY,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC,iBAAiB,IAAI,QAAQ,CAAC,YAAY;QACnF,iBAAiB,EAAE,MAAM,CAAC,GAAG,EAAE,yBAAyB,EAAE,QAAQ,CAAC,iBAAiB,CAAC;QACrF,WAAW,EAAE,MAAM,CAAC,GAAG,EAAE,mBAAmB,EAAE,QAAQ,CAAC,WAAW,CAAC;QACnE,WAAW,EAAE,KAAK,CAAC,cAAc,CAAC,KAAK,IAAI;KAC5C,CAAC;AACJ,CAAC;AAED,0FAA0F;AAC1F,MAAM,UAAU,QAAQ,CAAC,YAAoB;IAC3C,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC,CAAC;IACpD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QAClE,MAAM,GAAG,CAAC;IACZ,CAAC;IACD,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,iBAAiB,YAAY,uBAAwB,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IAChG,CAAC;IACD,MAAM,KAAK,GAAI,MAAoB,EAAE,KAAK,CAAC;IAC3C,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,iBAAiB,YAAY,wCAAwC,CAAC,CAAC;IACzF,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACrD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,SAAS,IAAI,QAAQ,YAAY,gCAAgC,CAAC,CAAC;QACrF,CAAC;QACD,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;YAC3B,IAAI,CAAC,GAAG,EAAE,EAAE,IAAI,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,EAAE,CAAC;gBAC3C,MAAM,IAAI,KAAK,CAAC,uBAAuB,IAAI,6BAA6B,CAAC,CAAC;YAC5E,CAAC;YACD,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;gBACrB,MAAM,IAAI,KAAK,CACb,yBAAyB,GAAG,CAAC,EAAE,QAAQ,YAAY,wBAAwB,CAC5E,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACjB,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,OAAO,GAAG,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;gBAC5D,MAAM,IAAI,KAAK,CAAC,YAAY,GAAG,CAAC,EAAE,sCAAsC,CAAC,CAAC;YAC5E,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,MAAmB,CAAC;AAC7B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAChC,WAAwB,EACxB,SAAiB,EACjB,MAAyB,OAAO,CAAC,GAAG;IAEpC,MAAM,GAAG,GAAwB,EAAE,CAAC;IACpC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;QACvD,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,IAAI,KAAK,EAAE,CAAC;YACzD,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC;YAC1B,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC;YAC9B,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,KAAK,EAAE,EAAE,CAAC;gBAC9C,MAAM,IAAI,KAAK,CACb,YAAY,SAAS,iBAAiB,GAAG,kCAAkC;oBACzE,IAAI,OAAO,gDAAgD,CAC9D,CAAC;YACJ,CAAC;YACD,GAAG,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC;QACtB,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,GAAG,CAAC,GAAG,KAAkC,CAAC;QAChD,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/db.d.ts

@@ -0,0 +1,13 @@
+import Database from 'better-sqlite3';
+import type { PoolsSeed } from './types.js';
+export type Db = Database.Database;
+/** Open the database, apply pragmas (WAL + busy_timeout) and run migrations. */
+export declare function openDb(dbPath: string, busyTimeoutMs?: number): Db;
+/**
+ * Idempotent seed upsert. Adding accounts to the seed file and restarting must NOT clobber live
+ * lease state — so this updates only `pool` + `credentials`, never the lease columns.
+ * Returns the number of accounts inserted or updated.
+ */
+export declare function seedAccounts(db: Db, seed: PoolsSeed): number;
+/** Force-clear all lease state (the `--reset-leases` startup flag). */
+export declare function resetLeases(db: Db): number;

package/dist/db.js

@@ -0,0 +1,83 @@
+// SQLite layer: open in WAL mode, run migrations, seed accounts with an idempotent upsert.
+//
+// WAL + a busy_timeout is what lets MANY independent server processes (one per agent session)
+// safely share one database file: writers serialize, readers don't block, and a writer that finds
+// the lock held waits up to busy_timeout instead of erroring out immediately.
+import Database from 'better-sqlite3';
+const SCHEMA_VERSION = 1;
+const MIGRATIONS = {
+    1: `
+    CREATE TABLE IF NOT EXISTS accounts (
+      id           TEXT PRIMARY KEY,
+      pool         TEXT NOT NULL,
+      credentials  TEXT NOT NULL,
+      leased_by    TEXT,
+      lease_token  TEXT,
+      leased_at    INTEGER,
+      ttl_seconds  INTEGER,
+      lease_count  INTEGER NOT NULL DEFAULT 0
+    );
+    CREATE INDEX IF NOT EXISTS idx_accounts_pool_leasedby ON accounts (pool, leased_by);
+    CREATE UNIQUE INDEX IF NOT EXISTS idx_accounts_lease_token ON accounts (lease_token)
+      WHERE lease_token IS NOT NULL;
+  `,
+};
+/** Open the database, apply pragmas (WAL + busy_timeout) and run migrations. */
+export function openDb(dbPath, busyTimeoutMs = 5000) {
+    const db = new Database(dbPath);
+    db.pragma('journal_mode = WAL');
+    db.pragma('synchronous = NORMAL');
+    db.pragma(`busy_timeout = ${busyTimeoutMs}`);
+    db.pragma('foreign_keys = ON');
+    migrate(db);
+    return db;
+}
+function migrate(db) {
+    db.exec('CREATE TABLE IF NOT EXISTS meta (key TEXT PRIMARY KEY, value TEXT NOT NULL)');
+    const row = db.prepare("SELECT value FROM meta WHERE key = 'schema_version'").get();
+    const current = row ? Number.parseInt(row.value, 10) : 0;
+    const apply = db.transaction((from) => {
+        for (let v = from + 1; v <= SCHEMA_VERSION; v++) {
+            const sql = MIGRATIONS[v];
+            if (sql)
+                db.exec(sql);
+        }
+        db.prepare("INSERT INTO meta (key, value) VALUES ('schema_version', ?) " +
+            'ON CONFLICT(key) DO UPDATE SET value = excluded.value').run(String(SCHEMA_VERSION));
+    });
+    if (current < SCHEMA_VERSION)
+        apply(current);
+}
+/**
+ * Idempotent seed upsert. Adding accounts to the seed file and restarting must NOT clobber live
+ * lease state — so this updates only `pool` + `credentials`, never the lease columns.
+ * Returns the number of accounts inserted or updated.
+ */
+export function seedAccounts(db, seed) {
+    const upsert = db.prepare(`INSERT INTO accounts (id, pool, credentials, lease_count)
+       VALUES (@id, @pool, @credentials, 0)
+     ON CONFLICT(id) DO UPDATE SET
+       pool = excluded.pool,
+       credentials = excluded.credentials`);
+    let count = 0;
+    const tx = db.transaction(() => {
+        for (const [pool, accounts] of Object.entries(seed.pools)) {
+            for (const acc of accounts) {
+                upsert.run({ id: acc.id, pool, credentials: JSON.stringify(acc.credentials) });
+                count++;
+            }
+        }
+    });
+    tx();
+    return count;
+}
+/** Force-clear all lease state (the `--reset-leases` startup flag). */
+export function resetLeases(db) {
+    const info = db
+        .prepare(`UPDATE accounts
+         SET leased_by = NULL, lease_token = NULL, leased_at = NULL, ttl_seconds = NULL
+       WHERE leased_by IS NOT NULL`)
+        .run();
+    return info.changes;
+}
+//# sourceMappingURL=db.js.map

package/dist/db.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"db.js","sourceRoot":"","sources":["../src/db.ts"],"names":[],"mappings":"AAAA,2FAA2F;AAC3F,EAAE;AACF,8FAA8F;AAC9F,kGAAkG;AAClG,8EAA8E;AAE9E,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AAKtC,MAAM,cAAc,GAAG,CAAC,CAAC;AAEzB,MAAM,UAAU,GAA2B;IACzC,CAAC,EAAE;;;;;;;;;;;;;;GAcF;CACF,CAAC;AAEF,gFAAgF;AAChF,MAAM,UAAU,MAAM,CAAC,MAAc,EAAE,aAAa,GAAG,IAAI;IACzD,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC;IAChC,EAAE,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAChC,EAAE,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;IAClC,EAAE,CAAC,MAAM,CAAC,kBAAkB,aAAa,EAAE,CAAC,CAAC;IAC7C,EAAE,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;IAC/B,OAAO,CAAC,EAAE,CAAC,CAAC;IACZ,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,OAAO,CAAC,EAAM;IACrB,EAAE,CAAC,IAAI,CAAC,6EAA6E,CAAC,CAAC;IACvF,MAAM,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,qDAAqD,CAAC,CAAC,GAAG,EAEpE,CAAC;IACd,MAAM,OAAO,GAAG,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAEzD,MAAM,KAAK,GAAG,EAAE,CAAC,WAAW,CAAC,CAAC,IAAY,EAAE,EAAE;QAC5C,KAAK,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,EAAE,CAAC,IAAI,cAAc,EAAE,CAAC,EAAE,EAAE,CAAC;YAChD,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;YAC1B,IAAI,GAAG;gBAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACxB,CAAC;QACD,EAAE,CAAC,OAAO,CACR,6DAA6D;YAC3D,uDAAuD,CAC1D,CAAC,GAAG,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IACH,IAAI,OAAO,GAAG,cAAc;QAAE,KAAK,CAAC,OAAO,CAAC,CAAC;AAC/C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,EAAM,EAAE,IAAe;IAClD,MAAM,MAAM,GAAG,EAAE,CAAC,OAAO,CACvB;;;;0CAIsC,CACvC,CAAC;IACF,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,MAAM,EAAE,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE;QAC7B,KAAK,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1D,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;gBAC3B,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;gBAC/E,KAAK,EAAE,CAAC;YACV,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IACH,EAAE,EAAE,CAAC;IACL,OAAO,KAAK,CAAC;AACf,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,WAAW,CAAC,EAAM;IAChC,MAAM,IAAI,GAAG,EAAE;SACZ,OAAO,CACN;;mCAE6B,CAC9B;SACA,GAAG,EAAE,CAAC;IACT,OAAO,IAAI,CAAC,OAAO,CAAC;AACtB,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,28 @@
+#!/usr/bin/env node
+// account-pool-mcp — stdio MCP server entry point.
+//
+// Brokers exclusive, crash-safe leases on a pool of credentials across independent agent sessions.
+// Flags: --db <path>  --accounts <path>  --reset-leases   (env: APM_DB_PATH, APM_ACCOUNTS_FILE,
+// APM_DEFAULT_TTL_SECONDS, APM_LEASE_WAIT_MS). All logging goes to stderr; stdout is the MCP channel.
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { bootstrap } from './bootstrap.js';
+import { loadConfig } from './config.js';
+import { logger } from './logger.js';
+import { buildServer } from './server.js';
+async function main() {
+    const config = loadConfig();
+    const { pool } = bootstrap(config);
+    const server = buildServer(pool, config);
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+    logger.info('account-pool-mcp ready (stdio)', {
+        db: config.dbPath,
+        defaultTtlSeconds: config.defaultTtlSeconds,
+        leaseWaitMs: config.leaseWaitMs,
+    });
+}
+main().catch((err) => {
+    logger.error('fatal', { message: err.message, stack: err.stack });
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,mDAAmD;AACnD,EAAE;AACF,mGAAmG;AACnG,gGAAgG;AAChG,sGAAsG;AAEtG,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,EAAE,IAAI,EAAE,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IACnC,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAEzC,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAEhC,MAAM,CAAC,IAAI,CAAC,gCAAgC,EAAE;QAC5C,EAAE,EAAE,MAAM,CAAC,MAAM;QACjB,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;QAC3C,WAAW,EAAE,MAAM,CAAC,WAAW;KAChC,CAAC,CAAC;AACL,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,OAAO,EAAG,GAAa,CAAC,OAAO,EAAE,KAAK,EAAG,GAAa,CAAC,KAAK,EAAE,CAAC,CAAC;IACxF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/logger.d.ts

@@ -0,0 +1,8 @@
+/** Deep-redact any object so no secret value can ever be logged or returned in observability output. */
+export declare function redact<T>(value: T): T;
+export declare const logger: {
+    debug: (msg: string, meta?: unknown) => void;
+    info: (msg: string, meta?: unknown) => void;
+    warn: (msg: string, meta?: unknown) => void;
+    error: (msg: string, meta?: unknown) => void;
+};

package/dist/logger.js

@@ -0,0 +1,44 @@
+// Redacting logger.
+//
+// TWO hard rules live here:
+//   1. NEVER emit a credential value. Any key whose name looks secret is replaced with "***",
+//      recursively, before anything is written.
+//   2. On the stdio MCP transport, STDOUT is the JSON-RPC channel. A stray byte on stdout
+//      corrupts the protocol. So every log line goes to STDERR, always.
+const SECRET_KEY = /pass(word)?|secret|token|credential|cred|api[-_]?key|private[-_]?key|salt|ssn/i;
+const REDACTED = '***';
+/** Deep-redact any object so no secret value can ever be logged or returned in observability output. */
+export function redact(value) {
+    if (Array.isArray(value)) {
+        return value.map((v) => redact(v));
+    }
+    if (value && typeof value === 'object') {
+        const out = {};
+        for (const [k, v] of Object.entries(value)) {
+            out[k] = SECRET_KEY.test(k) ? REDACTED : redact(v);
+        }
+        return out;
+    }
+    return value;
+}
+function emit(level, msg, meta) {
+    const line = {
+        t: new Date().toISOString(),
+        level,
+        msg,
+    };
+    if (meta !== undefined)
+        line.meta = redact(meta);
+    // STDERR only — stdout belongs to the MCP protocol.
+    process.stderr.write(`${JSON.stringify(line)}\n`);
+}
+export const logger = {
+    debug: (msg, meta) => {
+        if (process.env.APM_DEBUG)
+            emit('debug', msg, meta);
+    },
+    info: (msg, meta) => emit('info', msg, meta),
+    warn: (msg, meta) => emit('warn', msg, meta),
+    error: (msg, meta) => emit('error', msg, meta),
+};
+//# sourceMappingURL=logger.js.map

package/dist/logger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.js","sourceRoot":"","sources":["../src/logger.ts"],"names":[],"mappings":"AAAA,oBAAoB;AACpB,EAAE;AACF,4BAA4B;AAC5B,8FAA8F;AAC9F,gDAAgD;AAChD,0FAA0F;AAC1F,wEAAwE;AAExE,MAAM,UAAU,GAAG,gFAAgF,CAAC;AACpG,MAAM,QAAQ,GAAG,KAAK,CAAC;AAEvB,wGAAwG;AACxG,MAAM,UAAU,MAAM,CAAI,KAAQ;IAChC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAiB,CAAC;IACrD,CAAC;IACD,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvC,MAAM,GAAG,GAA4B,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAgC,CAAC,EAAE,CAAC;YACtE,GAAG,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,GAAmB,CAAC;IAC7B,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAID,SAAS,IAAI,CAAC,KAAY,EAAE,GAAW,EAAE,IAAc;IACrD,MAAM,IAAI,GAA4B;QACpC,CAAC,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC3B,KAAK;QACL,GAAG;KACJ,CAAC;IACF,IAAI,IAAI,KAAK,SAAS;QAAE,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;IACjD,oDAAoD;IACpD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACpD,CAAC;AAED,MAAM,CAAC,MAAM,MAAM,GAAG;IACpB,KAAK,EAAE,CAAC,GAAW,EAAE,IAAc,EAAE,EAAE;QACrC,IAAI,OAAO,CAAC,GAAG,CAAC,SAAS;YAAE,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IACtD,CAAC;IACD,IAAI,EAAE,CAAC,GAAW,EAAE,IAAc,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC;IAC9D,IAAI,EAAE,CAAC,GAAW,EAAE,IAAc,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC;IAC9D,KAAK,EAAE,CAAC,GAAW,EAAE,IAAc,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,IAAI,CAAC;CACjE,CAAC"}