npm - bare-agent - Versions diffs - 0.4.2 → 0.5.0 - Mend

bare-agent 0.4.2 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -11,7 +11,7 @@
 ```
-**Agent orchestration in ~1700 lines. Zero required deps. MIT license.**
+**Agent orchestration in ~1800 lines. Zero required deps. MIT license.**
 Lightweight enough to understand completely. Complete enough to not reinvent wheels. Not a framework, not 50,000 lines of opinions — just composable building blocks for agents.
@@ -60,7 +60,7 @@ Every piece works alone — take what you need, ignore the rest.
 | Component | What it does |
 |---|---|
-| **Loop** | Think → act → observe → repeat. Calls any LLM, executes your tools, loops until done. Throws on error by default |
+| **Loop** | Think → act → observe → repeat. Calls any LLM, executes your tools, loops until done. Throws on error by default. Returns estimated USD cost per run |
 | **Planner** | Break a goal into a step DAG via LLM. Built-in caching (`cacheTTL`) |
 | **runPlan** | Execute steps in parallel waves. Dependency-aware, failure propagation, per-step retry |
 | **Retry** | Exponential/linear backoff with jitter. Respects `err.retryable` |
@@ -72,8 +72,9 @@ Every piece works alone — take what you need, ignore the rest.
 | **Scheduler** | Cron (`0 9 * * 1-5`) or relative (`2h`, `30m`). Persisted jobs survive restarts |
 | **Stream** | Structured event emitter. Pipe as JSONL, subscribe in-process, or custom transport |
 | **Errors** | Typed hierarchy — `ProviderError`, `ToolError`, `TimeoutError`, `MaxRoundsError`, `CircuitOpenError` |
-| **Browsing** | Web navigation, clicking, typing, reading via `barebrowse`. Two modes: library tools (inline snapshots, pass to Loop) or CLI session (disk-based snapshots, token-efficient for multi-step flows) |
+| **Browsing** | Web navigation, clicking, typing, reading via `barebrowse` (17 tools). Two modes: library tools (inline snapshots, pass to Loop) or CLI session (disk-based snapshots, token-efficient for multi-step flows). Optional `assess` tool (privacy scan) when `wearehere` is installed |
 | **Mobile** | Android + iOS device control via `baremobile`. Same two modes: library tools (`createMobileTools` — action tools auto-return snapshots) or CLI session (`baremobile` CLI — disk-based snapshots) |
+| **MCP Bridge** | Auto-discover MCP servers from IDE configs (Claude Code, Cursor, etc.), expose as bareagent tools. Allow/deny filtering, policy functions, `systemContext` for LLM awareness. Zero deps |
 **Providers:** OpenAI-compatible (OpenAI, OpenRouter, Groq, vLLM, LM Studio), Anthropic, Ollama, CLIPipe (any CLI tool via stdin/stdout with real-time streaming), Fallback, or bring your own (one method: `generate`). All return the same shape — swap freely.
@@ -81,7 +82,7 @@ Every piece works alone — take what you need, ignore the rest.
 **Cross-language:** Runs as a subprocess. Communicate via JSONL on stdin/stdout from Python, Go, Rust, Ruby, Java, or anything that can spawn a process. Ready-made wrappers in [`contrib/`](contrib/README.md).
-**Deps:** 0 required. Optional: `cron-parser` (cron expressions), `better-sqlite3` (SQLite store), `barebrowse` (web browsing), `baremobile` (Android + iOS device control).
+**Deps:** 0 required. Optional: `cron-parser` (cron expressions), `better-sqlite3` (SQLite store), `barebrowse` (web browsing), `baremobile` (Android + iOS device control), `wearehere` (privacy assessment via barebrowse).
 ---

package/package.json CHANGED Viewed

@@ -1,13 +1,13 @@
 {
   "name": "bare-agent",
-  "version": "0.4.2",
+  "version": "0.5.0",
   "files": [
     "index.js",
     "src/",
     "bin/",
     "tools/"
   ],
-  "description": "Lightweight, composable agent orchestration. ~1700 lines, 0 required deps.",
+  "description": "Lightweight, composable agent orchestration. ~1800 lines, 0 required deps.",
   "license": "MIT",
   "author": "hamr0",
   "repository": {
@@ -23,7 +23,8 @@
     "./providers": "./src/providers.js",
     "./stores": "./src/stores.js",
     "./transports": "./src/transports.js",
-    "./tools": "./src/tools.js"
+    "./tools": "./src/tools.js",
+    "./mcp": "./src/mcp.js"
   },
   "engines": {
     "node": ">=18"

package/src/loop.js CHANGED Viewed

@@ -2,6 +2,33 @@
 const { ToolError, MaxRoundsError } = require('./errors');
+// Average pricing per 1K tokens (USD). Adjust these to match your provider's rates.
+// Last updated: 2026-03-18. Source: public provider pricing pages.
+const COST_PER_1K = {
+  // OpenAI
+  'gpt-4o': { in: 0.0025, out: 0.01 },
+  'gpt-4o-mini': { in: 0.00015, out: 0.0006 },
+  'gpt-4.1': { in: 0.002, out: 0.008 },
+  'gpt-4.1-mini': { in: 0.0004, out: 0.0016 },
+  'gpt-4.1-nano': { in: 0.0001, out: 0.0004 },
+  'o3-mini': { in: 0.0011, out: 0.0044 },
+  // Anthropic
+  'claude-sonnet-4-20250514': { in: 0.003, out: 0.015 },
+  'claude-haiku-4-5-20251001': { in: 0.0008, out: 0.004 },
+  'claude-opus-4-20250514': { in: 0.015, out: 0.075 },
+  // Fallback average across popular models (~$0.002 in, ~$0.008 out per 1K)
+  '_default': { in: 0.002, out: 0.008 },
+};
+function estimateCost(model, usage) {
+  if (!usage || !model) return null;
+  const rates = COST_PER_1K[model] || COST_PER_1K['_default'];
+  return (
+    ((usage.inputTokens || 0) * rates.in +
+      (usage.outputTokens || 0) * rates.out) / 1000
+  );
+}
 class Loop {
   /**
    * @param {object} options
@@ -68,6 +95,7 @@ class Loop {
     this.stream?.emit({ type: 'loop:start', data: { messageCount: msgs.length } });
     let lastUsage = { inputTokens: 0, outputTokens: 0 };
+    let totalCost = 0;
     for (let round = 0; round < this.maxRounds; round++) {
       if (this._stopped) break;
@@ -80,17 +108,20 @@ class Loop {
         this.stream?.emit({ type: 'loop:error', data: { error: err.message, round } });
         this.onError?.(err);
         if (this.throwOnError) throw err;
-        return { text: '', toolCalls: [], usage: lastUsage, error: err.message };
+        return { text: '', toolCalls: [], usage: lastUsage, cost: totalCost, error: err.message };
       }
       lastUsage = result.usage || lastUsage;
+      const model = this.provider.model || null;
+      const roundCost = estimateCost(model, lastUsage);
+      if (roundCost !== null) totalCost += roundCost;
       // No tool calls — LLM gave a final text response
       if (!result.toolCalls || result.toolCalls.length === 0) {
         this.stream?.emit({ type: 'loop:text', data: { text: result.text } });
         this.onText?.(result.text);
-        this.stream?.emit({ type: 'loop:done', data: { text: result.text, usage: lastUsage } });
-        return { text: result.text, toolCalls: [], usage: lastUsage, error: null };
+        this.stream?.emit({ type: 'loop:done', data: { text: result.text, usage: lastUsage, cost: totalCost } });
+        return { text: result.text, toolCalls: [], usage: lastUsage, cost: totalCost, error: null };
       }
       // Execute tool calls
@@ -149,9 +180,9 @@ class Loop {
     // maxRounds exceeded
     const warning = `[Loop] ended after ${this.maxRounds} rounds without final response`;
-    this.stream?.emit({ type: 'loop:done', data: { text: '', warning } });
+    this.stream?.emit({ type: 'loop:done', data: { text: '', warning, cost: totalCost } });
     if (this.throwOnError) throw new MaxRoundsError(warning);
-    return { text: '', toolCalls: [], usage: lastUsage, error: warning };
+    return { text: '', toolCalls: [], usage: lastUsage, cost: totalCost, error: warning };
   }
   /**

package/src/mcp-bridge.js ADDED Viewed

@@ -0,0 +1,450 @@
+'use strict';
+const { spawn } = require('node:child_process');
+const { readFileSync, writeFileSync, existsSync } = require('node:fs');
+const { join } = require('node:path');
+const { homedir } = require('node:os');
+const { ToolError } = require('./errors');
+// --- Config discovery (from IDE configs) ---
+const DEFAULT_CONFIG_PATHS = [
+  () => join(process.cwd(), '.mcp.json'),                              // project
+  () => join(homedir(), '.mcp.json'),                                  // home
+  () => join(homedir(), '.claude', 'mcp_servers.json'),                // Claude Code
+  () => join(homedir(), '.config', 'Claude', 'claude_desktop_config.json'), // Claude Desktop
+  () => join(homedir(), '.cursor', 'mcp.json'),                        // Cursor
+];
+function discoverServers(configPaths) {
+  const paths = configPaths || DEFAULT_CONFIG_PATHS.map(fn => fn());
+  const servers = new Map();
+  for (const p of paths) {
+    let raw;
+    try { raw = readFileSync(p, 'utf8'); } catch { continue; }
+    let parsed;
+    try { parsed = JSON.parse(raw); } catch { continue; }
+    const entries = parsed.mcpServers || {};
+    for (const [name, def] of Object.entries(entries)) {
+      if (!servers.has(name)) servers.set(name, def);
+    }
+  }
+  return servers;
+}
+// --- Bridge config file (.mcp-bridge.json) ---
+const DEFAULT_BRIDGE_PATH = () => join(process.cwd(), '.mcp-bridge.json');
+const DEFAULT_TTL = '24h';
+function parseTTL(ttl) {
+  const match = (ttl || DEFAULT_TTL).match(/^(\d+)(s|m|h|d)$/);
+  if (!match) return 24 * 60 * 60 * 1000;
+  const n = parseInt(match[1]);
+  const unit = { s: 1000, m: 60000, h: 3600000, d: 86400000 }[match[2]];
+  return n * unit;
+}
+function readBridgeConfig(filePath) {
+  try {
+    return JSON.parse(readFileSync(filePath, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+function writeBridgeConfig(filePath, config) {
+  writeFileSync(filePath, JSON.stringify(config, null, 2) + '\n');
+}
+function isExpired(config) {
+  if (!config || !config.discovered) return true;
+  const ttlMs = parseTTL(config.ttl);
+  return Date.now() - new Date(config.discovered).getTime() > ttlMs;
+}
+/**
+ * Merge fresh discovery into existing config.
+ * - New servers: added with all tools "allow"
+ * - Removed servers: removed from config
+ * - New tools on existing server: added as "allow"
+ * - Removed tools on existing server: removed from config
+ * - Existing tools: user's allow/deny preserved
+ */
+function mergeBridgeConfig(existing, discovered, freshTools) {
+  const merged = {
+    discovered: new Date().toISOString(),
+    ttl: existing?.ttl || DEFAULT_TTL,
+    servers: {},
+  };
+  for (const [name, def] of discovered) {
+    const serverTools = freshTools.get(name) || [];
+    const existingServer = existing?.servers?.[name];
+    const existingTools = existingServer?.tools || {};
+    const tools = {};
+    for (const t of serverTools) {
+      tools[t.name] = existingTools[t.name] || 'allow';
+    }
+    merged.servers[name] = {
+      command: def.command,
+      args: def.args || [],
+      ...(def.env && { env: def.env }),
+      ...(def.cwd && { cwd: def.cwd }),
+      tools,
+    };
+  }
+  return merged;
+}
+// --- Env resolution ---
+function resolveEnv(env) {
+  if (!env) return {};
+  const resolved = {};
+  for (const [k, v] of Object.entries(env)) {
+    resolved[k] = typeof v === 'string'
+      ? v.replace(/\$\{(\w+)\}/g, (_, name) => process.env[name] || '')
+      : v;
+  }
+  return resolved;
+}
+// --- JSON-RPC stdio client ---
+function createRpcClient(name, def) {
+  const { command, args = [], env, cwd } = def;
+  const mergedEnv = { ...process.env, ...resolveEnv(env) };
+  const child = spawn(command, args, {
+    stdio: ['pipe', 'pipe', 'pipe'],
+    env: mergedEnv,
+    ...(cwd && { cwd }),
+  });
+  const pending = new Map();
+  let nextId = 1;
+  let buffer = '';
+  child.stdout.setEncoding('utf8');
+  child.stdout.on('data', (chunk) => {
+    buffer += chunk;
+    let idx;
+    while ((idx = buffer.indexOf('\n')) !== -1) {
+      const line = buffer.slice(0, idx).trim();
+      buffer = buffer.slice(idx + 1);
+      if (!line) continue;
+      let msg;
+      try { msg = JSON.parse(line); } catch { continue; }
+      if (!msg.id) continue;
+      const p = pending.get(msg.id);
+      if (!p) continue;
+      pending.delete(msg.id);
+      if (msg.error) {
+        p.reject(new ToolError(`MCP server "${name}": ${msg.error.message}`, {
+          context: { code: msg.error.code },
+        }));
+      } else {
+        p.resolve(msg.result);
+      }
+    }
+  });
+  let stderrBuf = '';
+  child.stderr?.setEncoding('utf8');
+  child.stderr?.on('data', (chunk) => { stderrBuf += chunk; });
+  child.on('close', (code) => {
+    for (const [id, { reject }] of pending) {
+      reject(new ToolError(`MCP server "${name}" exited (code ${code}). stderr: ${stderrBuf.slice(-500)}`));
+    }
+    pending.clear();
+  });
+  function rpc(method, params = {}) {
+    const id = nextId++;
+    return new Promise((resolve, reject) => {
+      pending.set(id, { resolve, reject });
+      const msg = JSON.stringify({ jsonrpc: '2.0', id, method, params }) + '\n';
+      child.stdin.write(msg);
+    });
+  }
+  function notify(method, params = {}) {
+    const msg = JSON.stringify({ jsonrpc: '2.0', method, params }) + '\n';
+    child.stdin.write(msg);
+  }
+  return { rpc, notify, child, get stderr() { return stderrBuf; } };
+}
+// --- Content unwrapping ---
+function unwrapContent(content) {
+  if (!Array.isArray(content) || content.length === 0) return '';
+  if (content.length === 1 && content[0].type === 'text') return content[0].text;
+  return content;
+}
+// --- Tool wrapping ---
+function wrapTools(serverName, mcpTools, rpc, policy) {
+  return mcpTools.map(t => ({
+    name: `${serverName}_${t.name}`,
+    description: t.description || '',
+    parameters: t.inputSchema || { type: 'object', properties: {} },
+    execute: async (args) => {
+      if (policy) {
+        const verdict = await policy(serverName, t.name, args);
+        if (verdict === false || typeof verdict === 'string') {
+          const reason = typeof verdict === 'string'
+            ? verdict
+            : `[GOVERNANCE] Tool "${serverName}_${t.name}" is not permitted by policy. Do not retry this tool.`;
+          throw new ToolError(reason, { context: { server: serverName, tool: t.name } });
+        }
+      }
+      const result = await rpc('tools/call', { name: t.name, arguments: args });
+      if (result.isError) {
+        throw new ToolError(unwrapContent(result.content) || 'MCP tool error', {
+          context: { server: serverName, tool: t.name },
+        });
+      }
+      return unwrapContent(result.content);
+    },
+  }));
+}
+// --- Server lifecycle ---
+async function killServer(child) {
+  if (child.exitCode !== null) return;
+  child.stdin?.destroy();
+  child.stdout?.destroy();
+  child.stderr?.destroy();
+  await new Promise(resolve => {
+    const onClose = () => resolve();
+    child.once('close', onClose);
+    setTimeout(() => {
+      child.removeListener('close', onClose);
+      resolve();
+    }, 700);
+  });
+  if (child.exitCode === null) {
+    child.kill('SIGTERM');
+    await new Promise(resolve => {
+      const onClose = () => resolve();
+      child.once('close', onClose);
+      setTimeout(() => {
+        child.removeListener('close', onClose);
+        resolve();
+      }, 700);
+    });
+  }
+  if (child.exitCode === null) {
+    child.kill('SIGKILL');
+  }
+  child.unref();
+}
+// --- Connect + list tools from a server ---
+async function connectAndListTools(name, def, timeout = 15000) {
+  const client = createRpcClient(name, def);
+  const init = client.rpc('initialize', {
+    protocolVersion: '2024-11-05',
+    capabilities: {},
+    clientInfo: { name: 'bare-agent', version: '0.5.0' },
+  });
+  const timer = new Promise((_, reject) =>
+    setTimeout(() => reject(new ToolError(`MCP server "${name}" init timed out after ${timeout}ms`)), timeout)
+  );
+  await Promise.race([init, timer]);
+  client.notify('notifications/initialized');
+  const { tools: mcpTools } = await client.rpc('tools/list');
+  return { mcpTools, client };
+}
+// --- System context for LLM ---
+function buildSystemContext(servers, tools, denied) {
+  const lines = [];
+  lines.push(`MCP Bridge: ${tools.length} tools available from ${servers.length} server(s): ${servers.join(', ')}.`);
+  const byServer = {};
+  for (const t of tools) {
+    const parts = t.name.split('_');
+    const server = parts[0];
+    (byServer[server] = byServer[server] || []).push(t.name.replace(`${server}_`, ''));
+  }
+  for (const [server, toolNames] of Object.entries(byServer)) {
+    lines.push(`  ${server}: ${toolNames.join(', ')}`);
+  }
+  if (denied.length > 0) {
+    lines.push(`Restricted tools (${denied.length}, not available to you):`);
+    for (const d of denied) {
+      lines.push(`  - ${d.server}_${d.tool}: ${d.description.slice(0, 80)} [denied]`);
+    }
+    lines.push('If you need a restricted tool, explain what you need and why to the user.');
+  }
+  const governance = denied.length > 0 ? 'filtered' : 'open (all tools exposed)';
+  lines.push(`Governance: ${governance}.`);
+  if (denied.length === 0) {
+    lines.push('To restrict tools, edit .mcp-bridge.json and set tools to "deny".');
+  }
+  return lines.join('\n');
+}
+// --- Main entry point ---
+/**
+ * Create an MCP bridge. On first run, discovers MCP servers from IDE configs,
+ * connects, lists tools, and writes .mcp-bridge.json with all tools set to "allow".
+ * On subsequent runs, reads .mcp-bridge.json and respects allow/deny per tool.
+ * Re-discovers when TTL expires (default: 24h).
+ *
+ * @param {object} [opts]
+ * @param {string} [opts.bridgePath] - Path to .mcp-bridge.json. Default: .mcp-bridge.json in cwd.
+ * @param {string[]} [opts.configPaths] - IDE config paths for discovery.
+ * @param {string[]} [opts.servers] - Limit to these server names.
+ * @param {number} [opts.timeout=15000] - Per-server init timeout in ms.
+ * @param {Function} [opts.policy] - Async function(serverName, toolName, args) for runtime arg-dependent checks.
+ * @param {boolean} [opts.refresh=false] - Force re-discovery regardless of TTL.
+ * @returns {Promise<{tools: Array, servers: string[], systemContext: string, denied: Array, close: Function}>}
+ */
+async function createMCPBridge(opts = {}) {
+  const bridgePath = opts.bridgePath || DEFAULT_BRIDGE_PATH();
+  const timeout = opts.timeout || 15000;
+  let config = readBridgeConfig(bridgePath);
+  const needsRefresh = opts.refresh || !config || isExpired(config);
+  if (needsRefresh) {
+    // Discover from IDE configs
+    const discovered = discoverServers(opts.configPaths);
+    if (discovered.size === 0 && !config) {
+      return { tools: [], servers: [], systemContext: '', denied: [], close: async () => {} };
+    }
+    // Connect to all discovered servers and list their tools
+    const freshTools = new Map();
+    const connectResults = new Map();
+    const errors = [];
+    const toDiscover = opts.servers
+      ? [...discovered.entries()].filter(([n]) => opts.servers.includes(n))
+      : [...discovered.entries()];
+    await Promise.all(toDiscover.map(async ([name, def]) => {
+      try {
+        const result = await connectAndListTools(name, def, timeout);
+        freshTools.set(name, result.mcpTools);
+        connectResults.set(name, result.client);
+      } catch (err) {
+        errors.push({ server: name, error: err.message });
+      }
+    }));
+    if (errors.length > 0) {
+      console.warn('[MCP Bridge] Some servers failed to connect:', errors);
+    }
+    // Merge with existing config (preserves user's allow/deny)
+    config = mergeBridgeConfig(config, new Map(toDiscover), freshTools);
+    // Write the config file
+    writeBridgeConfig(bridgePath, config);
+    console.log(`[MCP Bridge] Wrote ${bridgePath}`);
+    // Close the discovery connections — we'll reconnect below using the config
+    for (const client of connectResults.values()) {
+      await killServer(client.child);
+    }
+  }
+  // Filter to requested servers
+  const serverNames = opts.servers
+    ? opts.servers.filter(n => config.servers[n])
+    : Object.keys(config.servers);
+  if (serverNames.length === 0) {
+    return { tools: [], servers: [], systemContext: '', denied: [], close: async () => {} };
+  }
+  // Connect to servers and wrap only allowed tools
+  const tools = [];
+  const children = [];
+  const connected = [];
+  const denied = [];
+  const errors = [];
+  await Promise.all(serverNames.map(async (name) => {
+    const serverConf = config.servers[name];
+    const allowedToolNames = Object.entries(serverConf.tools)
+      .filter(([, perm]) => perm === 'allow')
+      .map(([t]) => t);
+    const deniedToolNames = Object.entries(serverConf.tools)
+      .filter(([, perm]) => perm !== 'allow')
+      .map(([t]) => t);
+    try {
+      const { mcpTools, client } = await connectAndListTools(name, serverConf, timeout);
+      // Only wrap tools that are allowed in config
+      const allowed = mcpTools.filter(t => allowedToolNames.includes(t.name));
+      const wrapped = wrapTools(name, allowed, client.rpc, opts.policy);
+      tools.push(...wrapped);
+      children.push(client.child);
+      connected.push(name);
+      // Track denied tools with descriptions from the server
+      for (const t of mcpTools) {
+        if (deniedToolNames.includes(t.name)) {
+          denied.push({ server: name, tool: t.name, description: t.description || '' });
+        }
+      }
+    } catch (err) {
+      errors.push({ server: name, error: err.message });
+    }
+  }));
+  if (errors.length > 0) {
+    console.warn('[MCP Bridge] Some servers failed to connect:', errors);
+  }
+  const systemContext = buildSystemContext(connected, tools, denied);
+  if (connected.length > 0) console.log(systemContext);
+  return {
+    tools,
+    servers: connected,
+    denied,
+    systemContext,
+    errors,
+    close: async () => {
+      await Promise.all(children.map(killServer));
+    },
+  };
+}
+module.exports = { createMCPBridge, discoverServers };

package/src/mcp.js ADDED Viewed

@@ -0,0 +1,5 @@
+'use strict';
+const { createMCPBridge, discoverServers } = require('./mcp-bridge');
+module.exports = { createMCPBridge, discoverServers };