npm - cli-claw-kit - Versions diffs - 0.0.1 - Mend

cli-claw-kit 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (295) hide show

package/LICENSE +21 -0
package/README.md +245 -0
package/config/default-groups.json +1 -0
package/config/global-agents-md.template.md +37 -0
package/config/mount-allowlist.json +11 -0
package/container/Dockerfile +160 -0
package/container/agent-runner/dist/.tsbuildinfo +1 -0
package/container/agent-runner/dist/agent-definitions.js +22 -0
package/container/agent-runner/dist/channel-prefixes.js +16 -0
package/container/agent-runner/dist/codex-config.js +29 -0
package/container/agent-runner/dist/image-detector.js +96 -0
package/container/agent-runner/dist/index.js +2587 -0
package/container/agent-runner/dist/mcp-tools.js +1076 -0
package/container/agent-runner/dist/stream-event.types.js +5 -0
package/container/agent-runner/dist/stream-processor.js +867 -0
package/container/agent-runner/dist/types.js +6 -0
package/container/agent-runner/dist/utils.js +115 -0
package/container/agent-runner/package.json +36 -0
package/container/agent-runner/prompts/security-rules.md +31 -0
package/container/agent-runner/src/agent-definitions.ts +27 -0
package/container/agent-runner/src/channel-prefixes.ts +16 -0
package/container/agent-runner/src/codex-config.ts +40 -0
package/container/agent-runner/src/image-detector.ts +116 -0
package/container/agent-runner/src/index.ts +3107 -0
package/container/agent-runner/src/mcp-tools.ts +1295 -0
package/container/agent-runner/src/stream-event.types.ts +10 -0
package/container/agent-runner/src/stream-processor.ts +932 -0
package/container/agent-runner/src/types.ts +75 -0
package/container/agent-runner/src/utils.ts +114 -0
package/container/agent-runner/tsconfig.json +17 -0
package/container/build.sh +28 -0
package/container/entrypoint.sh +64 -0
package/container/skills/agent-browser/SKILL.md +159 -0
package/container/skills/install-skill/SKILL.md +64 -0
package/container/skills/post-test-cleanup/SKILL.md +121 -0
package/dist/.tsbuildinfo +1 -0
package/dist/agent-output-parser.js +459 -0
package/dist/app-root.js +52 -0
package/dist/assistant-meta-footer.js +1 -0
package/dist/auth.js +91 -0
package/dist/billing.js +694 -0
package/dist/channel-prefixes.js +16 -0
package/dist/cli.js +86 -0
package/dist/commands.js +79 -0
package/dist/config.js +120 -0
package/dist/container-runner.js +981 -0
package/dist/daily-summary.js +210 -0
package/dist/db.js +3683 -0
package/dist/dingtalk.js +1347 -0
package/dist/feishu-markdown-style.js +97 -0
package/dist/feishu-streaming-card.js +1875 -0
package/dist/feishu.js +1628 -0
package/dist/file-manager.js +270 -0
package/dist/group-queue.js +1070 -0
package/dist/group-runtime.js +35 -0
package/dist/host-workspace-cwd.js +85 -0
package/dist/im-channel.js +384 -0
package/dist/im-command-utils.js +142 -0
package/dist/im-downloader.js +45 -0
package/dist/im-manager.js +527 -0
package/dist/im-utils.js +53 -0
package/dist/image-detector.js +96 -0
package/dist/index.js +5828 -0
package/dist/logger.js +22 -0
package/dist/mcp-utils.js +66 -0
package/dist/message-attachments.js +69 -0
package/dist/message-notifier.js +36 -0
package/dist/middleware/auth.js +85 -0
package/dist/mount-security.js +315 -0
package/dist/permissions.js +67 -0
package/dist/project-memory.js +6 -0
package/dist/provider-pool.js +189 -0
package/dist/qq.js +826 -0
package/dist/reset-admin.js +42 -0
package/dist/routes/admin.js +543 -0
package/dist/routes/agent-definitions.js +241 -0
package/dist/routes/agents.js +533 -0
package/dist/routes/auth.js +675 -0
package/dist/routes/billing.js +490 -0
package/dist/routes/browse.js +210 -0
package/dist/routes/bug-report.js +387 -0
package/dist/routes/config.js +1868 -0
package/dist/routes/files.js +671 -0
package/dist/routes/groups.js +1367 -0
package/dist/routes/mcp-servers.js +320 -0
package/dist/routes/memory.js +523 -0
package/dist/routes/monitor.js +307 -0
package/dist/routes/skills.js +777 -0
package/dist/routes/tasks.js +509 -0
package/dist/routes/usage.js +64 -0
package/dist/routes/workspace-config.js +458 -0
package/dist/runtime-build.js +112 -0
package/dist/runtime-command-handler.js +189 -0
package/dist/runtime-command-registry.js +1 -0
package/dist/runtime-config.js +1777 -0
package/dist/runtime-identity.js +52 -0
package/dist/schemas.js +590 -0
package/dist/script-runner.js +64 -0
package/dist/sdk-query.js +82 -0
package/dist/skill-utils.js +145 -0
package/dist/sqlite-compat.js +19 -0
package/dist/stream-event.types.js +5 -0
package/dist/streaming-runtime-meta.js +29 -0
package/dist/task-scheduler.js +695 -0
package/dist/task-utils.js +13 -0
package/dist/telegram-pairing.js +59 -0
package/dist/telegram.js +897 -0
package/dist/terminal-manager.js +307 -0
package/dist/tool-step-display.js +1 -0
package/dist/types.js +1 -0
package/dist/utils.js +85 -0
package/dist/web-context.js +161 -0
package/dist/web.js +1377 -0
package/dist/wechat-crypto.js +182 -0
package/dist/wechat.js +589 -0
package/dist/workspace-runtime-reset.js +35 -0
package/package.json +107 -0
package/shared/assistant-meta-footer.ts +127 -0
package/shared/channel-prefixes.ts +16 -0
package/shared/dist/assistant-meta-footer.d.ts +29 -0
package/shared/dist/assistant-meta-footer.js +85 -0
package/shared/dist/channel-prefixes.d.ts +4 -0
package/shared/dist/channel-prefixes.js +16 -0
package/shared/dist/image-detector.d.ts +20 -0
package/shared/dist/image-detector.js +96 -0
package/shared/dist/runtime-command-registry.d.ts +38 -0
package/shared/dist/runtime-command-registry.js +185 -0
package/shared/dist/stream-event.d.ts +65 -0
package/shared/dist/stream-event.js +8 -0
package/shared/dist/tool-step-display.d.ts +4 -0
package/shared/dist/tool-step-display.js +11 -0
package/shared/image-detector.ts +116 -0
package/shared/runtime-command-registry.ts +252 -0
package/shared/stream-event.ts +67 -0
package/shared/tool-step-display.ts +21 -0
package/shared/tsconfig.json +24 -0
package/web/dist/assets/BillingPage-B1wBR_o-.js +52 -0
package/web/dist/assets/ChatPage-6GBZ9nXN.css +32 -0
package/web/dist/assets/ChatPage-BOJcXtaj.js +161 -0
package/web/dist/assets/KaTeX_AMS-Regular-BQhdFMY1.woff2 +0 -0
package/web/dist/assets/KaTeX_AMS-Regular-DMm9YOAa.woff +0 -0
package/web/dist/assets/KaTeX_AMS-Regular-DRggAlZN.ttf +0 -0
package/web/dist/assets/KaTeX_Caligraphic-Bold-ATXxdsX0.ttf +0 -0
package/web/dist/assets/KaTeX_Caligraphic-Bold-BEiXGLvX.woff +0 -0
package/web/dist/assets/KaTeX_Caligraphic-Bold-Dq_IR9rO.woff2 +0 -0
package/web/dist/assets/KaTeX_Caligraphic-Regular-CTRA-rTL.woff +0 -0
package/web/dist/assets/KaTeX_Caligraphic-Regular-Di6jR-x-.woff2 +0 -0
package/web/dist/assets/KaTeX_Caligraphic-Regular-wX97UBjC.ttf +0 -0
package/web/dist/assets/KaTeX_Fraktur-Bold-BdnERNNW.ttf +0 -0
package/web/dist/assets/KaTeX_Fraktur-Bold-BsDP51OF.woff +0 -0
package/web/dist/assets/KaTeX_Fraktur-Bold-CL6g_b3V.woff2 +0 -0
package/web/dist/assets/KaTeX_Fraktur-Regular-CB_wures.ttf +0 -0
package/web/dist/assets/KaTeX_Fraktur-Regular-CTYiF6lA.woff2 +0 -0
package/web/dist/assets/KaTeX_Fraktur-Regular-Dxdc4cR9.woff +0 -0
package/web/dist/assets/KaTeX_Main-Bold-Cx986IdX.woff2 +0 -0
package/web/dist/assets/KaTeX_Main-Bold-Jm3AIy58.woff +0 -0
package/web/dist/assets/KaTeX_Main-Bold-waoOVXN0.ttf +0 -0
package/web/dist/assets/KaTeX_Main-BoldItalic-DxDJ3AOS.woff2 +0 -0
package/web/dist/assets/KaTeX_Main-BoldItalic-DzxPMmG6.ttf +0 -0
package/web/dist/assets/KaTeX_Main-BoldItalic-SpSLRI95.woff +0 -0
package/web/dist/assets/KaTeX_Main-Italic-3WenGoN9.ttf +0 -0
package/web/dist/assets/KaTeX_Main-Italic-BMLOBm91.woff +0 -0
package/web/dist/assets/KaTeX_Main-Italic-NWA7e6Wa.woff2 +0 -0
package/web/dist/assets/KaTeX_Main-Regular-B22Nviop.woff2 +0 -0
package/web/dist/assets/KaTeX_Main-Regular-Dr94JaBh.woff +0 -0
package/web/dist/assets/KaTeX_Main-Regular-ypZvNtVU.ttf +0 -0
package/web/dist/assets/KaTeX_Math-BoldItalic-B3XSjfu4.ttf +0 -0
package/web/dist/assets/KaTeX_Math-BoldItalic-CZnvNsCZ.woff2 +0 -0
package/web/dist/assets/KaTeX_Math-BoldItalic-iY-2wyZ7.woff +0 -0
package/web/dist/assets/KaTeX_Math-Italic-DA0__PXp.woff +0 -0
package/web/dist/assets/KaTeX_Math-Italic-flOr_0UB.ttf +0 -0
package/web/dist/assets/KaTeX_Math-Italic-t53AETM-.woff2 +0 -0
package/web/dist/assets/KaTeX_SansSerif-Bold-CFMepnvq.ttf +0 -0
package/web/dist/assets/KaTeX_SansSerif-Bold-D1sUS0GD.woff2 +0 -0
package/web/dist/assets/KaTeX_SansSerif-Bold-DbIhKOiC.woff +0 -0
package/web/dist/assets/KaTeX_SansSerif-Italic-C3H0VqGB.woff2 +0 -0
package/web/dist/assets/KaTeX_SansSerif-Italic-DN2j7dab.woff +0 -0
package/web/dist/assets/KaTeX_SansSerif-Italic-YYjJ1zSn.ttf +0 -0
package/web/dist/assets/KaTeX_SansSerif-Regular-BNo7hRIc.ttf +0 -0
package/web/dist/assets/KaTeX_SansSerif-Regular-CS6fqUqJ.woff +0 -0
package/web/dist/assets/KaTeX_SansSerif-Regular-DDBCnlJ7.woff2 +0 -0
package/web/dist/assets/KaTeX_Script-Regular-C5JkGWo-.ttf +0 -0
package/web/dist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2 +0 -0
package/web/dist/assets/KaTeX_Script-Regular-D5yQViql.woff +0 -0
package/web/dist/assets/KaTeX_Size1-Regular-C195tn64.woff +0 -0
package/web/dist/assets/KaTeX_Size1-Regular-Dbsnue_I.ttf +0 -0
package/web/dist/assets/KaTeX_Size1-Regular-mCD8mA8B.woff2 +0 -0
package/web/dist/assets/KaTeX_Size2-Regular-B7gKUWhC.ttf +0 -0
package/web/dist/assets/KaTeX_Size2-Regular-Dy4dx90m.woff2 +0 -0
package/web/dist/assets/KaTeX_Size2-Regular-oD1tc_U0.woff +0 -0
package/web/dist/assets/KaTeX_Size3-Regular-CTq5MqoE.woff +0 -0
package/web/dist/assets/KaTeX_Size3-Regular-DgpXs0kz.ttf +0 -0
package/web/dist/assets/KaTeX_Size4-Regular-BF-4gkZK.woff +0 -0
package/web/dist/assets/KaTeX_Size4-Regular-DWFBv043.ttf +0 -0
package/web/dist/assets/KaTeX_Size4-Regular-Dl5lxZxV.woff2 +0 -0
package/web/dist/assets/KaTeX_Typewriter-Regular-C0xS9mPB.woff +0 -0
package/web/dist/assets/KaTeX_Typewriter-Regular-CO6r4hn1.woff2 +0 -0
package/web/dist/assets/KaTeX_Typewriter-Regular-D3Ib7_Hf.ttf +0 -0
package/web/dist/assets/SettingsPage-DoY7FoZ_.js +153 -0
package/web/dist/assets/ShareImageDialog-C1ga8b7l.js +22 -0
package/web/dist/assets/TasksPage-CRivnNsx.js +14 -0
package/web/dist/assets/_basePickBy-Bf-bSoS9.js +1 -0
package/web/dist/assets/_baseUniq-zAOaCuKw.js +1 -0
package/web/dist/assets/arc-Dm9mVQ9U.js +1 -0
package/web/dist/assets/architectureDiagram-2XIMDMQ5-BLmzX1wr.js +36 -0
package/web/dist/assets/band-CquvqAHh.js +1 -0
package/web/dist/assets/blockDiagram-WCTKOSBZ-B9pcqm3j.js +132 -0
package/web/dist/assets/c4Diagram-IC4MRINW-Cytx1q3b.js +10 -0
package/web/dist/assets/channel-BOVj73LR.js +1 -0
package/web/dist/assets/channel-meta-CQD0Pei-.js +41 -0
package/web/dist/assets/chunk-4BX2VUAB-0ToDr6RE.js +1 -0
package/web/dist/assets/chunk-55IACEB6-DQDjnXfS.js +1 -0
package/web/dist/assets/chunk-FMBD7UC4-Di8ABm6c.js +15 -0
package/web/dist/assets/chunk-JSJVCQXG-BZQN6rnX.js +1 -0
package/web/dist/assets/chunk-KX2RTZJC-zBbcpaN_.js +1 -0
package/web/dist/assets/chunk-NQ4KR5QH-BCrLoU88.js +220 -0
package/web/dist/assets/chunk-QZHKN3VN-Bqk8juan.js +1 -0
package/web/dist/assets/chunk-WL4C6EOR-D2YX-MHY.js +189 -0
package/web/dist/assets/classDiagram-VBA2DB6C-DUUoMyaK.js +1 -0
package/web/dist/assets/classDiagram-v2-RAHNMMFH-DUUoMyaK.js +1 -0
package/web/dist/assets/clone-BmaCesfa.js +1 -0
package/web/dist/assets/cose-bilkent-S5V4N54A-CTsv6qQA.js +1 -0
package/web/dist/assets/cytoscape.esm-BQaXIfA_.js +331 -0
package/web/dist/assets/dagre-KLK3FWXG-Ci4Jh9nu.js +4 -0
package/web/dist/assets/defaultLocale-DX6XiGOO.js +1 -0
package/web/dist/assets/diagram-E7M64L7V-BFRnfTI2.js +24 -0
package/web/dist/assets/diagram-IFDJBPK2-B7Zhnp0b.js +43 -0
package/web/dist/assets/diagram-P4PSJMXO-BVyP7nwq.js +24 -0
package/web/dist/assets/erDiagram-INFDFZHY-NorKdTOF.js +70 -0
package/web/dist/assets/error-CGD5mp5f.js +1 -0
package/web/dist/assets/flowDiagram-PKNHOUZH-Ch97nABF.js +162 -0
package/web/dist/assets/ganttDiagram-A5KZAMGK-BQ2pLWsy.js +292 -0
package/web/dist/assets/gitGraphDiagram-K3NZZRJ6-bcvnBsD2.js +65 -0
package/web/dist/assets/graph-CeAEckur.js +1 -0
package/web/dist/assets/index-CPnL1_qC.js +768 -0
package/web/dist/assets/index-DVevCbcO.css +10 -0
package/web/dist/assets/infoDiagram-LFFYTUFH-CcsrFdj-.js +2 -0
package/web/dist/assets/init-Dmth1JHB.js +1 -0
package/web/dist/assets/ishikawaDiagram-PHBUUO56-1upyMfHN.js +70 -0
package/web/dist/assets/journeyDiagram-4ABVD52K-CKUi-V0c.js +139 -0
package/web/dist/assets/kanban-definition-K7BYSVSG-DOnQwXfL.js +89 -0
package/web/dist/assets/layout-BmMMqTnJ.js +1 -0
package/web/dist/assets/linear-DiaJloY5.js +1 -0
package/web/dist/assets/mermaid.core-BWLV1B2v.js +254 -0
package/web/dist/assets/mindmap-definition-YRQLILUH-BeAKHVWP.js +68 -0
package/web/dist/assets/ordinal-DILIJJjt.js +1 -0
package/web/dist/assets/pieDiagram-SKSYHLDU-DfiMSfWo.js +30 -0
package/web/dist/assets/quadrantDiagram-337W2JSQ-wZxZOJxd.js +7 -0
package/web/dist/assets/requirementDiagram-Z7DCOOCP-BK4HHm17.js +73 -0
package/web/dist/assets/sankeyDiagram-WA2Y5GQK-BX6t2avX.js +10 -0
package/web/dist/assets/sequenceDiagram-2WXFIKYE-BPQlkbAa.js +145 -0
package/web/dist/assets/sheet-rI0FfB1g.js +6 -0
package/web/dist/assets/sliders-horizontal-CuijWFNK.js +6 -0
package/web/dist/assets/sparkles-BsMYXJoT.js +11 -0
package/web/dist/assets/square-0CqMX1Q3.js +11 -0
package/web/dist/assets/stateDiagram-RAJIS63D-DxkV0Vwd.js +1 -0
package/web/dist/assets/stateDiagram-v2-FVOUBMTO-qLYoiOPe.js +1 -0
package/web/dist/assets/step-D51IIHGA.js +1 -0
package/web/dist/assets/tasks-D8JjBTwx.js +1 -0
package/web/dist/assets/time-O8zIGux3.js +1 -0
package/web/dist/assets/timeline-definition-YZTLITO2-kNp1DyFc.js +61 -0
package/web/dist/assets/treemap-KZPCXAKY-CkrClVhk.js +162 -0
package/web/dist/assets/utils-KGAn0XTg.js +11 -0
package/web/dist/assets/vennDiagram-LZ73GAT5-CgdzEZz4.js +34 -0
package/web/dist/assets/xychartDiagram-JWTSCODW-DfYGPfNB.js +7 -0
package/web/dist/assets/zap-_hKJYy7J.js +6 -0
package/web/dist/favicon.svg +332 -0
package/web/dist/fonts/AlibabaPuHuiTi-3-55-Regular.woff2 +0 -0
package/web/dist/fonts/AlibabaPuHuiTi-3-65-Medium.woff2 +0 -0
package/web/dist/fonts/AlibabaPuHuiTi-3-75-SemiBold.woff2 +0 -0
package/web/dist/fonts/DMSans-latin-ext.woff2 +0 -0
package/web/dist/fonts/DMSans-latin.woff2 +0 -0
package/web/dist/icons/README.md +20 -0
package/web/dist/icons/apple-touch-icon-180.png +0 -0
package/web/dist/icons/icon-128.png +0 -0
package/web/dist/icons/icon-144.png +0 -0
package/web/dist/icons/icon-152.png +0 -0
package/web/dist/icons/icon-192.png +0 -0
package/web/dist/icons/icon-192.svg +332 -0
package/web/dist/icons/icon-384.png +0 -0
package/web/dist/icons/icon-48.png +0 -0
package/web/dist/icons/icon-512-maskable.png +0 -0
package/web/dist/icons/icon-512.png +0 -0
package/web/dist/icons/icon-512.svg +332 -0
package/web/dist/icons/icon-72.png +0 -0
package/web/dist/icons/icon-96.png +0 -0
package/web/dist/icons/loading-logo.svg +332 -0
package/web/dist/icons/logo-1024.png +0 -0
package/web/dist/icons/logo-icon.svg +332 -0
package/web/dist/icons/logo-text.svg +332 -0
package/web/dist/index.html +30 -0
package/web/dist/manifest.webmanifest +1 -0
package/web/dist/registerSW.js +1 -0
package/web/dist/sw.js +1 -0
package/web/dist/workbox-08d6266a.js +1 -0

package/dist/routes/mcp-servers.js ADDED Viewed

@@ -0,0 +1,320 @@
+// MCP Servers management routes
+import { Hono } from 'hono';
+import fs from 'fs/promises';
+import path from 'path';
+import os from 'os';
+import { authMiddleware } from '../middleware/auth.js';
+import { DATA_DIR } from '../config.js';
+import { checkMcpServerLimit } from '../billing.js';
+// --- Utility Functions ---
+function getUserMcpServersDir(userId) {
+    return path.join(DATA_DIR, 'mcp-servers', userId);
+}
+function getServersFilePath(userId) {
+    return path.join(getUserMcpServersDir(userId), 'servers.json');
+}
+function getHostSyncManifestPath(userId) {
+    return path.join(getUserMcpServersDir(userId), '.host-sync.json');
+}
+function validateServerId(id) {
+    return /^[\w\-]+$/.test(id) && id !== 'cli-claw';
+}
+async function readMcpServersFile(userId) {
+    try {
+        const data = await fs.readFile(getServersFilePath(userId), 'utf-8');
+        return JSON.parse(data);
+    }
+    catch {
+        return { servers: {} };
+    }
+}
+async function writeMcpServersFile(userId, data) {
+    const dir = getUserMcpServersDir(userId);
+    await fs.mkdir(dir, { recursive: true });
+    await fs.writeFile(getServersFilePath(userId), JSON.stringify(data, null, 2));
+}
+async function readHostSyncManifest(userId) {
+    try {
+        const data = await fs.readFile(getHostSyncManifestPath(userId), 'utf-8');
+        return JSON.parse(data);
+    }
+    catch {
+        return { syncedServers: [], lastSyncAt: '' };
+    }
+}
+async function writeHostSyncManifest(userId, manifest) {
+    const dir = getUserMcpServersDir(userId);
+    await fs.mkdir(dir, { recursive: true });
+    await fs.writeFile(getHostSyncManifestPath(userId), JSON.stringify(manifest, null, 2));
+}
+// --- Routes ---
+const mcpServersRoutes = new Hono();
+// GET / — list all MCP servers for the current user
+mcpServersRoutes.get('/', authMiddleware, async (c) => {
+    const authUser = c.get('user');
+    const file = await readMcpServersFile(authUser.id);
+    const servers = Object.entries(file.servers).map(([id, entry]) => ({
+        id,
+        ...entry,
+    }));
+    return c.json({ servers });
+});
+// POST / — add a new MCP server
+mcpServersRoutes.post('/', authMiddleware, async (c) => {
+    const authUser = c.get('user');
+    const body = await c.req.json().catch(() => ({}));
+    const { id, command, args, env, description, type, url, headers } = body;
+    if (!id || typeof id !== 'string') {
+        return c.json({ error: 'id is required and must be a string' }, 400);
+    }
+    if (!validateServerId(id)) {
+        return c.json({
+            error: 'Invalid server ID: must match /^[\\w\\-]+$/ and cannot be "cli-claw"',
+        }, 400);
+    }
+    // Billing: check MCP server limit
+    const existingServers = await readMcpServersFile(authUser.id);
+    const currentCount = Object.keys(existingServers.servers).length;
+    if (!existingServers.servers[id]) {
+        // Only check limit for new servers, not updates
+        const limit = checkMcpServerLimit(authUser.id, authUser.role, currentCount);
+        if (!limit.allowed) {
+            return c.json({ error: limit.reason }, 403);
+        }
+    }
+    const isHttpType = type === 'http' || type === 'sse';
+    if (isHttpType) {
+        if (!url || typeof url !== 'string') {
+            return c.json({ error: 'url is required for http/sse type' }, 400);
+        }
+        if (headers !== undefined &&
+            (typeof headers !== 'object' ||
+                headers === null ||
+                Array.isArray(headers))) {
+            return c.json({ error: 'headers must be a plain object' }, 400);
+        }
+    }
+    else {
+        if (!command || typeof command !== 'string') {
+            return c.json({ error: 'command is required and must be a string' }, 400);
+        }
+        if (args !== undefined && !Array.isArray(args)) {
+            return c.json({ error: 'args must be an array of strings' }, 400);
+        }
+        if (env !== undefined &&
+            (typeof env !== 'object' || env === null || Array.isArray(env))) {
+            return c.json({ error: 'env must be a plain object' }, 400);
+        }
+    }
+    const file = await readMcpServersFile(authUser.id);
+    if (file.servers[id]) {
+        return c.json({ error: `Server "${id}" already exists` }, 409);
+    }
+    const entry = {
+        enabled: true,
+        ...(description ? { description } : {}),
+        addedAt: new Date().toISOString(),
+    };
+    if (isHttpType) {
+        entry.type = type;
+        entry.url = url;
+        if (headers && Object.keys(headers).length > 0)
+            entry.headers = headers;
+    }
+    else {
+        entry.command = command;
+        if (args && args.length > 0)
+            entry.args = args;
+        if (env && Object.keys(env).length > 0)
+            entry.env = env;
+    }
+    file.servers[id] = entry;
+    await writeMcpServersFile(authUser.id, file);
+    return c.json({ success: true, server: { id, ...file.servers[id] } });
+});
+// PATCH /:id — update config / enable / disable
+mcpServersRoutes.patch('/:id', authMiddleware, async (c) => {
+    const authUser = c.get('user');
+    const id = c.req.param('id');
+    if (!validateServerId(id)) {
+        return c.json({ error: 'Invalid server ID' }, 400);
+    }
+    const body = await c.req.json().catch(() => ({}));
+    const { command, args, env, enabled, description, url, headers } = body;
+    const file = await readMcpServersFile(authUser.id);
+    const entry = file.servers[id];
+    if (!entry) {
+        return c.json({ error: 'Server not found' }, 404);
+    }
+    // stdio fields
+    if (command !== undefined) {
+        if (typeof command !== 'string' || !command) {
+            return c.json({ error: 'command must be a non-empty string' }, 400);
+        }
+        entry.command = command;
+    }
+    if (args !== undefined) {
+        if (!Array.isArray(args)) {
+            return c.json({ error: 'args must be an array of strings' }, 400);
+        }
+        entry.args = args;
+    }
+    if (env !== undefined) {
+        if (typeof env !== 'object' || env === null || Array.isArray(env)) {
+            return c.json({ error: 'env must be a plain object' }, 400);
+        }
+        entry.env = env;
+    }
+    // http/sse fields
+    if (url !== undefined) {
+        if (typeof url !== 'string' || !url) {
+            return c.json({ error: 'url must be a non-empty string' }, 400);
+        }
+        entry.url = url;
+    }
+    if (headers !== undefined) {
+        if (typeof headers !== 'object' ||
+            headers === null ||
+            Array.isArray(headers)) {
+            return c.json({ error: 'headers must be a plain object' }, 400);
+        }
+        entry.headers = headers;
+    }
+    // common fields
+    if (enabled !== undefined) {
+        if (typeof enabled !== 'boolean') {
+            return c.json({ error: 'enabled must be a boolean' }, 400);
+        }
+        entry.enabled = enabled;
+    }
+    if (description !== undefined) {
+        entry.description =
+            typeof description === 'string' ? description : undefined;
+    }
+    await writeMcpServersFile(authUser.id, file);
+    return c.json({ success: true, server: { id, ...entry } });
+});
+// DELETE /:id — delete a server
+mcpServersRoutes.delete('/:id', authMiddleware, async (c) => {
+    const authUser = c.get('user');
+    const id = c.req.param('id');
+    if (!validateServerId(id)) {
+        return c.json({ error: 'Invalid server ID' }, 400);
+    }
+    const file = await readMcpServersFile(authUser.id);
+    if (!file.servers[id]) {
+        return c.json({ error: 'Server not found' }, 404);
+    }
+    delete file.servers[id];
+    await writeMcpServersFile(authUser.id, file);
+    return c.json({ success: true });
+});
+// POST /sync-host — sync from host MCP configs (admin only)
+// Reads from both ~/.claude/settings.json and ~/.claude.json
+mcpServersRoutes.post('/sync-host', authMiddleware, async (c) => {
+    const authUser = c.get('user');
+    if (authUser.role !== 'admin') {
+        return c.json({ error: 'Only admin can sync host MCP servers' }, 403);
+    }
+    // Read MCP servers from both config file locations
+    let hostServers = {};
+    // Source 1: ~/.claude/settings.json
+    const settingsPath = path.join(os.homedir(), '.claude', 'settings.json');
+    try {
+        const raw = await fs.readFile(settingsPath, 'utf-8');
+        const settings = JSON.parse(raw);
+        if (settings.mcpServers) {
+            hostServers = { ...hostServers, ...settings.mcpServers };
+        }
+    }
+    catch {
+        // File may not exist, that's OK
+    }
+    // Source 2: ~/.claude.json (global Claude Code config, stores per-user MCP settings)
+    // When both files define the same server ID, ~/.claude.json wins because it's
+    // the primary user-facing config file where Claude Code persists MCP settings.
+    const globalConfigPath = path.join(os.homedir(), '.claude.json');
+    try {
+        const raw = await fs.readFile(globalConfigPath, 'utf-8');
+        const config = JSON.parse(raw);
+        if (config.mcpServers) {
+            hostServers = { ...hostServers, ...config.mcpServers };
+        }
+    }
+    catch {
+        // File may not exist, that's OK
+    }
+    if (Object.keys(hostServers).length === 0) {
+        return c.json({
+            added: 0,
+            updated: 0,
+            deleted: 0,
+            skipped: 0,
+            message: 'No MCP servers found in host config files',
+        });
+    }
+    const file = await readMcpServersFile(authUser.id);
+    const manifest = await readHostSyncManifest(authUser.id);
+    const previouslySynced = new Set(manifest.syncedServers);
+    const hostServerIds = new Set(Object.keys(hostServers));
+    const stats = { added: 0, updated: 0, deleted: 0, skipped: 0 };
+    const newSyncedList = [];
+    // Add/update from host
+    for (const [id, hostEntry] of Object.entries(hostServers)) {
+        if (!validateServerId(id)) {
+            stats.skipped++;
+            continue;
+        }
+        const existsInUser = !!file.servers[id];
+        const wasSynced = previouslySynced.has(id);
+        // Skip manually added entries
+        if (existsInUser && !wasSynced) {
+            stats.skipped++;
+            continue;
+        }
+        const isHttpType = hostEntry.type === 'http' || hostEntry.type === 'sse';
+        const entry = {
+            enabled: true,
+            syncedFromHost: true,
+            addedAt: existsInUser
+                ? file.servers[id].addedAt || new Date().toISOString()
+                : new Date().toISOString(),
+        };
+        if (isHttpType) {
+            entry.type = hostEntry.type;
+            entry.url = hostEntry.url || '';
+            if (hostEntry.headers)
+                entry.headers = hostEntry.headers;
+        }
+        else {
+            entry.command = hostEntry.command || '';
+            if (hostEntry.args)
+                entry.args = hostEntry.args;
+            if (hostEntry.env)
+                entry.env = hostEntry.env;
+        }
+        if (existsInUser) {
+            stats.updated++;
+        }
+        else {
+            stats.added++;
+        }
+        file.servers[id] = entry;
+        newSyncedList.push(id);
+    }
+    // Delete servers that were synced before but no longer on host
+    for (const id of previouslySynced) {
+        if (!hostServerIds.has(id) && file.servers[id]?.syncedFromHost) {
+            delete file.servers[id];
+            stats.deleted++;
+        }
+    }
+    await writeMcpServersFile(authUser.id, file);
+    await writeHostSyncManifest(authUser.id, {
+        syncedServers: newSyncedList,
+        lastSyncAt: new Date().toISOString(),
+    });
+    return c.json(stats);
+});
+export { getUserMcpServersDir, readMcpServersFile };
+export default mcpServersRoutes;