codeloop-mcp-server 0.1.63 → 0.1.64

package/dist/auth/critical_floors.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"critical_floors.d.ts","sourceRoot":"","sources":["../../src/auth/critical_floors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,MAAM,WAAW,aAAa;IAC5B,4DAA4D;IAC5D,WAAW,EAAE,MAAM,CAAC;IACpB,wDAAwD;IACxD,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,eAAe,EAAE,aAAa,EA+E1C,CAAC"}
+{"version":3,"file":"critical_floors.d.ts","sourceRoot":"","sources":["../../src/auth/critical_floors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,MAAM,WAAW,aAAa;IAC5B,4DAA4D;IAC5D,WAAW,EAAE,MAAM,CAAC;IACpB,wDAAwD;IACxD,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,eAAe,EAAE,aAAa,EAoF1C,CAAC"}

package/dist/auth/critical_floors.js

@@ -100,6 +100,10 @@ export const CRITICAL_FLOORS = [
         min_version: "0.1.61",
         reason: "0.1.60 could CRASH THE ENTIRE MCP SERVER on a warm npx cache — backend_runtime.js (new in 0.1.60) statically imported @codelooptech/shared/init/detect-backend, a submodule first shipped in shared@0.1.30, but both codeloop-mcp-server and codeloop only pinned `@codelooptech/shared: ^0.1.22`. So npx could pair mcp-server 0.1.60 with an OLDER cached shared (0.1.22–0.1.29) that lacks detect-backend.js, and the static import threw ERR_MODULE_NOT_FOUND at module-load time, taking down index -> verify -> backend_runtime before any tool could run (the same class of stale-cache skew the 0.1.53 floor first patched for rules-version.js, reintroduced when the dep floor wasn't raised alongside the new submodule). 0.1.61 fixes it durably two ways: (1) raises the @codelooptech/shared dependency floor to ^0.1.30 in BOTH codeloop-mcp-server and codeloop so a fresh resolve can never pick a shared missing the file, and (2) makes detect-backend a LAZY, GUARDED dynamic import — if the submodule can't be loaded for any reason, backend auto-detection degrades to n/a (backend gates skip) instead of crashing the server, so no future shared-submodule addition can ever hard-crash CodeLoop again. Users on a broken 0.1.60 install must clear the npx cache (delete %LocalAppData%/npm-cache/_npx on Windows or ~/.npm/_npx on macOS/Linux, or run `npx clear-npx-cache`) and relaunch so npx fetches 0.1.61.",
     },
+    {
+        min_version: "0.1.64",
+        reason: "Observability blind spot — pre-0.1.64 CodeLoop could only SCAN whatever logs an app happened to emit (runtime_log_clean_evidence over backend.log + app log + browser console); it never checked whether the app HAD a logging system, and it never pulled production / hosting / third-party logs. So an app with no structured logger, no request logging, and no global error handler swallowed exceptions invisibly and the runtime-log gate passed as n/a (nothing to scan) — root causes stayed unfindable. 0.1.64 ships an observability-enforcement layer: (1) logging_observability_evidence — a per-stack (node/web/python/dotnet/flutter/go/rust) applicable-or-n/a BLOCKER gate that detects whether the project has a structured logger, request/HTTP logging (servers), and a global error handler / React error boundary, classifies the project (frontend/backend/fullstack/cli/library) to decide which dimensions are required, and BLOCKS ready_for_review with stack-specific 'build this' instructions when a required dimension is missing (severity + per-dimension requirements tunable via config.observability); (2) remote-log collection — auto-detects deploy targets + SaaS providers from project markers (Vercel/Netlify/Heroku/Fly/Railway/Render/Cloudflare/Firebase/Google Cloud/AWS/Supabase/Stripe/Convex + a config-extensible long tail) and, when the provider CLI is installed, pulls read-only logs into the run's logs/ dir so production / 3rd-party errors flow through the same runtime_log_clean_evidence blocker as local logs — when a detected provider's CLI is missing or unauthenticated, CodeLoop pushes the agent to install / log in; (3) per-interaction log correlation — codeloop_interaction_replay now ties each recorded codeloop_interact to the backend/app/remote log lines emitted in a window around it (errorsNear), so a click that triggers a server-side error is bound directly to the offending log line. ALSO in 0.1.64: revoked-key diagnostics no longer mislead users with an active key. Cursor/Claude inject CODELOOP_API_KEY from the mcp.json `env` block, which OVERRIDES the shell — so a stale hardcoded key in .cursor/mcp.json kept losing to the dashboard-rotated key in ~/.zshrc, yet the old diagnostic scanned ONLY rc files and (finding the live key there) pointed users at ~/.zshrc, making the revoked-key error look like a CodeLoop bug ('but my key is active!'). identifyKeySource now scans the mcp.json env blocks (project + global Cursor, .mcp.json, .vscode, Claude) FIRST, reports the exact hardcoded file+line, and detects SHADOWING (a different active key sitting in the shell/config that the hardcoded key is silently overriding) so the fix instructions name the real file to edit and tell the user to reload the MCP server.",
+    },
     {
         min_version: "0.1.63",
         reason: "Out-of-app confirm/alert modal was NEVER detected (recurrence) — 0.1.54/0.1.55/0.1.57 only hardened FILE dialogs; a plain Yes/No confirmation MessageBox raised by clicking a button (e.g. Photometry-DB 'Delete TEMP PCB Test Range') stayed invisible to the detector and blocked the journey. detectWindowsModal only flagged a window when UIA reported IsModal=true AND the dialog TITLE contained the app name, OR the title matched a file-dialog pattern — but a WPF/WinForms MessageBox is a SEPARATE top-level #32770 window whose caption is 'Confirm'/'Delete'/the app name and whose UIA IsModal flag is frequently FALSE, so it slipped through every pass (is_modal_present:false). No F4 directive fired and the agent kept clicking the now-blocked button beneath it, then mis-read 'click missed' and looped. A second bug compounded it: win_ui_inspect / win_ui_automate located the app window with an EXACT NameProperty match, so app_name 'Photometry DB' never matched the live title 'PhotometryDB - Professional…' (no space) and every inspect returned 'App window not found', forcing coordinate guessing. 0.1.63 ships H12: (1) the Windows modal probe now collects each window's ProcessId and resolves the app's own pid(s) + main-window handle(s), and flags any app-OWNED secondary top-level window carrying a dialog signal (modal flag / #32770 or dialog class / confirm-or-alert title) as the modal regardless of its caption — the title- and IsModal-independent ownership signal that finally catches in-process MessageBox confirms; (2) classifyModalKind now treats an ambiguous #32770 as `confirm` (routes to codeloop_handle_modal for an agent decision) instead of `file_dialog` (auto-Escape), while a file-TITLED #32770 stays file_dialog; (3) codeloop_handle_modal with decision confirm/cancel now INVOKES the matching Yes/OK/Save/Delete or No/Cancel button on the dialog directly via UIA and re-detects to confirm it cleared, so a destructive Yes/No box no longer depends on which button is the Enter/Escape default; (4) buildUiaAppElementLookup + a whitespace-insensitive process-lookup fallback make win_ui_inspect / win_ui_automate / screenshot / window-bounds resolve the app window even when app_name differs from the live title by spaces or a suffix, or doesn't embed it at all (owning-process match).",

package/dist/auth/critical_floors.js.map

@@ -1 +1 @@
-{"version":3,"file":"critical_floors.js","sourceRoot":"","sources":["../../src/auth/critical_floors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AASH;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,MAAM,eAAe,GAAoB;IAC9C;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,ufAAuf;KAC1f;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EAAE,4hBAA4hB;KACriB;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EAAE,yvBAAyvB;KAClwB;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,kxBAAkxB;KACrxB;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,0/BAA0/B;KAC7/B;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,0iCAA0iC;KAC7iC;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,gqDAAgqD;KACnqD;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,uqDAAuqD;KAC1qD;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,w+EAAw+E;KAC3+E;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,88EAA88E;KACj9E;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,uiEAAuiE;KAC1iE;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,u/DAAu/D;KAC1/D;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,k3DAAk3D;KACr3D;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,oiDAAoiD;KACviD;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,g3CAAg3C;KACn3C;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,gwEAAgwE;KACnwE;CACF,CAAC"}
+{"version":3,"file":"critical_floors.js","sourceRoot":"","sources":["../../src/auth/critical_floors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AASH;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,MAAM,eAAe,GAAoB;IAC9C;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,ufAAuf;KAC1f;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EAAE,4hBAA4hB;KACriB;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EAAE,yvBAAyvB;KAClwB;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,kxBAAkxB;KACrxB;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,0/BAA0/B;KAC7/B;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,0iCAA0iC;KAC7iC;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,gqDAAgqD;KACnqD;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,uqDAAuqD;KAC1qD;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,w+EAAw+E;KAC3+E;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,88EAA88E;KACj9E;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,uiEAAuiE;KAC1iE;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,u/DAAu/D;KAC1/D;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,k3DAAk3D;KACr3D;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,oiDAAoiD;KACviD;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,g3CAAg3C;KACn3C;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,srFAAsrF;KACzrF;IACD;QACE,WAAW,EAAE,QAAQ;QACrB,MAAM,EACJ,gwEAAgwE;KACnwE;CACF,CAAC"}

package/dist/auth/key_resolver.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Self-healing API-key resolver.
+ *
+ * The failure mode we're closing: Cursor / Claude Code launch the MCP
+ * server with a `CODELOOP_API_KEY` injected from an mcp.json `env` block.
+ * That value OVERRIDES the user's shell. When the user rotates their key
+ * on the dashboard and updates `~/.zshrc` (or the dashboard rotates it for
+ * them) but forgets the hardcoded mcp.json copy, the server keeps
+ * presenting a now-REVOKED key and every tool call hard-blocks — even
+ * though the user has a perfectly active key sitting in another file.
+ *
+ * `resolveActiveApiKey` makes that impossible to get stuck on: if the
+ * configured key validates, we use it (zero extra work, no disk scan). If
+ * it's revoked/invalid, we scan the other on-disk keys (shell, PowerShell,
+ * every mcp.json, config.json) and use the FIRST one that validates,
+ * reporting which stale file the user should clean up. As long as ANY
+ * active key exists on the machine, CodeLoop keeps working.
+ *
+ * We only ever fall back when the primary key is genuinely invalid — never
+ * on `activation_required` (no key at all) and never on a transient
+ * backend/offline result (validateApiKey already returns `valid: true` in
+ * offline mode). Full key values are read only to attempt validation and
+ * are never logged.
+ */
+import type { ApiKeyValidation, ActivationResponse } from "@codelooptech/shared";
+import { type OnDiskKey } from "./key_source.js";
+export interface ResolvedApiKey {
+    /** The key that should actually be used for this run (may differ from the input). */
+    key: string | undefined;
+    /** Validation result for `key`. */
+    result: ApiKeyValidation | ActivationResponse;
+    /**
+     * Present only when we fell back from a revoked configured key to an
+     * active on-disk key. Drives the user-facing recovery notice.
+     */
+    recovered?: {
+        /** Prefix of the revoked key that was configured (e.g. injected by mcp.json). */
+        stale_prefix: string;
+        /** Prefix of the active key we recovered to. */
+        active_prefix: string;
+        /** Where the active key was found. */
+        origin: OnDiskKey["origin"];
+        file: string;
+        line: number | null;
+    };
+    /** How many distinct on-disk keys we tried (diagnostics only). */
+    tried_count?: number;
+}
+/**
+ * Validate `configuredKey`; if it's revoked/invalid, attempt to recover by
+ * trying every other distinct key found on disk. Returns the first key that
+ * validates (or the original failing result if none do).
+ */
+export declare function resolveActiveApiKey(configuredKey: string | undefined, projectDir: string): Promise<ResolvedApiKey>;
+//# sourceMappingURL=key_resolver.d.ts.map

package/dist/auth/key_resolver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"key_resolver.d.ts","sourceRoot":"","sources":["../../src/auth/key_resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,OAAO,KAAK,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAEjF,OAAO,EAAqB,KAAK,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAEpE,MAAM,WAAW,cAAc;IAC7B,qFAAqF;IACrF,GAAG,EAAE,MAAM,GAAG,SAAS,CAAC;IACxB,mCAAmC;IACnC,MAAM,EAAE,gBAAgB,GAAG,kBAAkB,CAAC;IAC9C;;;OAGG;IACH,SAAS,CAAC,EAAE;QACV,iFAAiF;QACjF,YAAY,EAAE,MAAM,CAAC;QACrB,gDAAgD;QAChD,aAAa,EAAE,MAAM,CAAC;QACtB,sCAAsC;QACtC,MAAM,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC5B,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;KACrB,CAAC;IACF,kEAAkE;IAClE,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAMD;;;;GAIG;AACH,wBAAsB,mBAAmB,CACvC,aAAa,EAAE,MAAM,GAAG,SAAS,EACjC,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,cAAc,CAAC,CAmCzB"}

package/dist/auth/key_resolver.js

@@ -0,0 +1,41 @@
+import { validateApiKey, isActivationRequired } from "./api_key.js";
+import { collectOnDiskKeys } from "./key_source.js";
+function isValid(r) {
+    return !isActivationRequired(r) && r.valid === true;
+}
+/**
+ * Validate `configuredKey`; if it's revoked/invalid, attempt to recover by
+ * trying every other distinct key found on disk. Returns the first key that
+ * validates (or the original failing result if none do).
+ */
+export async function resolveActiveApiKey(configuredKey, projectDir) {
+    const primary = await validateApiKey(configuredKey);
+    // No key configured at all, or a valid key, or an offline/transient
+    // success — use as-is. (validateApiKey returns valid:true when the
+    // backend is unreachable, so we don't scan in that case.)
+    if (isActivationRequired(primary) || isValid(primary)) {
+        return { key: configuredKey, result: primary };
+    }
+    // Primary key is genuinely invalid/revoked. Try the other on-disk keys.
+    const candidates = collectOnDiskKeys(projectDir).filter((c) => c.value && c.value !== configuredKey);
+    for (const cand of candidates) {
+        const r = await validateApiKey(cand.value);
+        if (isValid(r)) {
+            return {
+                key: cand.value,
+                result: r,
+                recovered: {
+                    stale_prefix: (configuredKey ?? "").slice(0, 12),
+                    active_prefix: cand.key_prefix,
+                    origin: cand.origin,
+                    file: cand.file,
+                    line: cand.line,
+                },
+                tried_count: candidates.length,
+            };
+        }
+    }
+    // Nothing on disk validated — surface the original failure.
+    return { key: configuredKey, result: primary, tried_count: candidates.length };
+}
+//# sourceMappingURL=key_resolver.js.map

package/dist/auth/key_resolver.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key_resolver.js","sourceRoot":"","sources":["../../src/auth/key_resolver.ts"],"names":[],"mappings":"AAyBA,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAkB,MAAM,iBAAiB,CAAC;AAyBpE,SAAS,OAAO,CAAC,CAAwC;IACvD,OAAO,CAAC,oBAAoB,CAAC,CAAC,CAAC,IAAK,CAAsB,CAAC,KAAK,KAAK,IAAI,CAAC;AAC5E,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,aAAiC,EACjC,UAAkB;IAElB,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,aAAa,CAAC,CAAC;IAEpD,oEAAoE;IACpE,mEAAmE;IACnE,0DAA0D;IAC1D,IAAI,oBAAoB,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACtD,OAAO,EAAE,GAAG,EAAE,aAAa,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IACjD,CAAC;IAED,wEAAwE;IACxE,MAAM,UAAU,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC,MAAM,CACrD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,KAAK,KAAK,aAAa,CAC5C,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;YACf,OAAO;gBACL,GAAG,EAAE,IAAI,CAAC,KAAK;gBACf,MAAM,EAAE,CAAC;gBACT,SAAS,EAAE;oBACT,YAAY,EAAE,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;oBAChD,aAAa,EAAE,IAAI,CAAC,UAAU;oBAC9B,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,IAAI,EAAE,IAAI,CAAC,IAAI;iBAChB;gBACD,WAAW,EAAE,UAAU,CAAC,MAAM;aAC/B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,4DAA4D;IAC5D,OAAO,EAAE,GAAG,EAAE,aAAa,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC;AACjF,CAAC"}

package/dist/auth/key_source.d.ts

@@ -1,3 +1,9 @@
+export interface ConfigHit {
+    /** Absolute path of the file that owns the value. */
+    file: string;
+    /** 1-based line number of the match, when locatable. */
+    line: number | null;
+}
 export type KeySource = {
     kind: "env";
     env_var: "CODELOOP_API_KEY";
@@ -7,22 +13,72 @@ export type KeySource = {
     line: number | null;
     /** First 12 chars of the key (safe to log). */
     key_prefix: string;
+    /**
+     * mcp.json `env` blocks that hardcode THIS exact key. When present
+     * these are the EFFECTIVE source — the IDE injects them and they
+     * override the shell — so the diagnostic points here first.
+     */
+    mcp_config_files?: ConfigHit[];
+    /**
+     * A DIFFERENT key found in the shell rc / config.json that the
+     * effective (hardcoded) key is silently overriding. Explains the
+     * "but my key is active!" case: the active key is there, just
+     * shadowed.
+     */
+    shadow?: {
+        key_prefix: string;
+        file: string;
+        line: number | null;
+    };
 } | {
     kind: "config";
     file: string;
     key_prefix: string;
+    mcp_config_files?: ConfigHit[];
+    shadow?: {
+        key_prefix: string;
+        file: string;
+        line: number | null;
+    };
 } | {
     kind: "none";
 };
 /**
  * Resolve the source of the API key currently being presented to the
- * MCP server. Pass the same `apiKey` value the server uses (`process.env.CODELOOP_API_KEY || config.api_key`)
- * and the `projectDir` it discovered.
+ * MCP server. Pass the same `apiKey` value the server uses
+ * (`process.env.CODELOOP_API_KEY || config.api_key`) and the
+ * `projectDir` it discovered.
  *
- * Safe to call on every revoked-key error: scanning a handful of rc
- * files is microseconds and we cache nothing.
+ * Safe to call on every revoked-key error: scanning a handful of files
+ * is microseconds and we cache nothing.
  */
 export declare function identifyKeySource(apiKey: string | undefined, projectDir: string): KeySource;
+/** An API key value discovered on disk, with where it came from. */
+export interface OnDiskKey {
+    /** Full key value (used only to attempt validation; never logged). */
+    value: string;
+    /** First 12 chars — safe to surface. */
+    key_prefix: string;
+    /** Human-readable origin: "shell", "powershell", "mcp_config", or "config_json". */
+    origin: "shell" | "powershell" | "mcp_config" | "config_json";
+    /** Absolute path of the owning file. */
+    file: string;
+    /** 1-based line number, when locatable. */
+    line: number | null;
+}
+/**
+ * Gather EVERY CodeLoop API key written anywhere on disk that could plausibly
+ * be the user's real key — shell rc files, PowerShell profiles, every
+ * mcp.json `env` block (all clients × OS), and the project's
+ * `.codeloop/config.json`. De-duplicated by full value, preserving the
+ * priority order (mcp.json first — it's what the IDE injects — then shell,
+ * then config).
+ *
+ * Used by the self-heal path: when the configured key is REVOKED we try each
+ * of these in turn so that as long as the user has ANY active key on disk,
+ * CodeLoop keeps working instead of hard-blocking.
+ */
+export declare function collectOnDiskKeys(projectDir: string): OnDiskKey[];
 /**
  * Build the user-facing fix instructions for a revoked-key situation.
  * Returned as a structured object so callers can embed it in the JSON

package/dist/auth/key_source.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"key_source.d.ts","sourceRoot":"","sources":["../../src/auth/key_source.ts"],"names":[],"mappings":"AA+BA,MAAM,MAAM,SAAS,GACjB;IACE,IAAI,EAAE,KAAK,CAAC;IACZ,OAAO,EAAE,kBAAkB,CAAC;IAC5B,0EAA0E;IAC1E,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,4DAA4D;IAC5D,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,+CAA+C;IAC/C,UAAU,EAAE,MAAM,CAAC;CACpB,GACD;IACE,IAAI,EAAE,QAAQ,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;CACpB,GACD;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC;AAsErB;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,UAAU,EAAE,MAAM,GACjB,SAAS,CAyBX;AAED;;;;GAIG;AACH,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,SAAS,GAAG;IAC5D,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,SAAS,CAAC;IAClB,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB,CA6CA"}
+{"version":3,"file":"key_source.d.ts","sourceRoot":"","sources":["../../src/auth/key_source.ts"],"names":[],"mappings":"AAwCA,MAAM,WAAW,SAAS;IACxB,qDAAqD;IACrD,IAAI,EAAE,MAAM,CAAC;IACb,wDAAwD;IACxD,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;CACrB;AAED,MAAM,MAAM,SAAS,GACjB;IACE,IAAI,EAAE,KAAK,CAAC;IACZ,OAAO,EAAE,kBAAkB,CAAC;IAC5B,0EAA0E;IAC1E,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,4DAA4D;IAC5D,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,+CAA+C;IAC/C,UAAU,EAAE,MAAM,CAAC;IACnB;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,SAAS,EAAE,CAAC;IAC/B;;;;;OAKG;IACH,MAAM,CAAC,EAAE;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC;CACpE,GACD;IACE,IAAI,EAAE,QAAQ,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,SAAS,EAAE,CAAC;IAC/B,MAAM,CAAC,EAAE;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC;CACpE,GACD;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC;AAqMrB;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,UAAU,EAAE,MAAM,GACjB,SAAS,CA8CX;AAED,oEAAoE;AACpE,MAAM,WAAW,SAAS;IACxB,sEAAsE;IACtE,KAAK,EAAE,MAAM,CAAC;IACd,wCAAwC;IACxC,UAAU,EAAE,MAAM,CAAC;IACnB,oFAAoF;IACpF,MAAM,EAAE,OAAO,GAAG,YAAY,GAAG,YAAY,GAAG,aAAa,CAAC;IAC9D,wCAAwC;IACxC,IAAI,EAAE,MAAM,CAAC;IACb,2CAA2C;IAC3C,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;CACrB;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,EAAE,CAwBjE;AAED;;;;GAIG;AACH,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,SAAS,GAAG;IAC5D,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,SAAS,CAAC;IAClB,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB,CAqFA"}

package/dist/auth/key_source.js

@@ -7,23 +7,32 @@
  * We never log or return the key value itself, only its prefix and the
  * file/line that owns it.
  *
- * Source ranking (matches the read order in `index.ts:57` —
- * `process.env.CODELOOP_API_KEY || config.api_key`):
+ * Why this is more than an rc-file scan
+ * -------------------------------------
+ * Cursor / Claude Code launch the MCP server with an `env` block from
+ * `.cursor/mcp.json` (project) and `~/.cursor/mcp.json` (global). That
+ * block is injected straight into the child process's environment and
+ * therefore OVERRIDES anything the user exported in `~/.zshrc`. So the
+ * value the server reads from `process.env.CODELOOP_API_KEY` is, in the
+ * common Cursor setup, the hardcoded mcp.json key — NOT the shell one.
  *
- *   1. `process.env.CODELOOP_API_KEY` (wins) — scan common shell rc
- *      files for the `export CODELOOP_API_KEY=...` line so we can tell
- *      the user *which* file owns the value their shell currently
- *      exports. We match by prefix (first 12 chars of the key) so we
- *      don't accidentally point them at an OLD line that happens to
- *      mention the var.
+ * The original implementation only scanned shell rc files. When the
+ * effective key was a stale mcp.json hardcode, the scan found nothing
+ * matching there and fell back to "likely ~/.zshrc" — pointing the user
+ * at the very file where their ACTIVE (rotated) key lives, which made
+ * the revoked-key error look like a CodeLoop bug ("but my key is
+ * active!"). We now scan the mcp.json `env` blocks FIRST (they win at
+ * runtime) and also detect SHADOWING — a different key sitting in the
+ * shell / config that the hardcoded mcp.json key is silently overriding
+ * — so the message explains exactly what happened.
  *
- *   2. `config.api_key` from the project's `.codeloop/config.json` —
- *      simple file-path callout.
+ * Source ranking (matches the read order in `index.ts` —
+ * `process.env.CODELOOP_API_KEY || config.api_key`):
  *
+ *   1. `process.env.CODELOOP_API_KEY` (wins) — scan mcp.json env blocks
+ *      AND shell rc files for the line that owns the live value.
+ *   2. `config.api_key` from the project's `.codeloop/config.json`.
  *   3. neither — `{ source: "none" }` (activation required).
- *
- * The returned `fix_steps` are deliberately copy-paste shell commands
- * the user can run to rotate, so the agent can present them verbatim.
  */
 import { existsSync, readFileSync } from "node:fs";
 import { join } from "node:path";
@@ -37,28 +46,72 @@ const SHELL_RC_CANDIDATES = [
     ".bashrc",
     ".bash_profile",
     ".profile",
-    // Fish and PowerShell aren't covered yet — env vars set there don't
-    // typically leak into Cursor's MCP child process anyway. Add them if
-    // a user reports a real-world miss.
+    // Fish: env vars set here don't usually leak into Cursor's MCP child,
+    // but they're cheap to scan and help the diagnostic point at the right
+    // file when a user does export from there.
+    join(".config", "fish", "config.fish"),
 ];
 /**
- * Scan well-known shell rc files for an `export CODELOOP_API_KEY=...`
- * line whose value's first 12 chars equal `keyPrefix`. Returns the
- * first match (rc files are read in the order above; the user's shell
- * applies them in roughly the same order so the first hit is usually
- * the winning one). Returns `null` if nothing matched.
- *
- * We deliberately match by prefix — not by full string — so:
- *   - We never store the full key in this process's memory longer
- *     than the comparison.
- *   - Stale `export` lines for an older key don't masquerade as the
- *     current source.
+ * PowerShell profile scripts — the Windows equivalent of the shell rc
+ * files. A user who runs `$env:CODELOOP_API_KEY = "…"` (or `setx`) here
+ * is the Windows analogue of an `export` line in `~/.zshrc`, so we scan
+ * them for parity. Covers Windows PowerShell 5.1, PowerShell 7 (Windows
+ * + macOS/Linux), and the OneDrive-redirected Documents folder Windows
+ * often uses.
  */
-function findExportLine(keyPrefix) {
-    // Walk a fairly generic pattern: `export CODELOOP_API_KEY="cl_live_…"`
-    // or `setenv CODELOOP_API_KEY "cl_live_…"` (csh-style). We accept
-    // single or double quotes and optional whitespace.
+function powerShellProfileCandidates() {
+    const home = userHome();
+    const out = [
+        join(home, "Documents", "WindowsPowerShell", "Microsoft.PowerShell_profile.ps1"),
+        join(home, "Documents", "PowerShell", "Microsoft.PowerShell_profile.ps1"),
+        join(home, "Documents", "WindowsPowerShell", "profile.ps1"),
+        join(home, "Documents", "PowerShell", "profile.ps1"),
+        // OneDrive-redirected Documents (very common on managed Windows).
+        join(home, "OneDrive", "Documents", "WindowsPowerShell", "Microsoft.PowerShell_profile.ps1"),
+        join(home, "OneDrive", "Documents", "PowerShell", "Microsoft.PowerShell_profile.ps1"),
+        // PowerShell 7 on macOS / Linux.
+        join(home, ".config", "powershell", "Microsoft.PowerShell_profile.ps1"),
+    ];
+    return out;
+}
+/**
+ * mcp.json-style config files whose `env` block can inject
+ * CODELOOP_API_KEY into the MCP server process. This is the list that
+ * matters most: Cursor / Claude Code launch the server with this `env`
+ * block, which OVERRIDES the shell. Covers every client × OS combination
+ * we support so a stale hardcoded key is always locatable.
+ */
+function mcpConfigCandidates(projectDir) {
+    const home = userHome();
+    const appData = process.env.APPDATA; // Windows roaming app data
+    const out = [
+        // Cursor — project + global (same path on macOS/Linux/Windows via homedir).
+        join(projectDir, ".cursor", "mcp.json"),
+        join(home, ".cursor", "mcp.json"),
+        // Generic / VS Code project conventions.
+        join(projectDir, ".mcp.json"),
+        join(projectDir, ".vscode", "mcp.json"),
+        // VS Code user-level mcp.json (per OS).
+        join(home, "Library", "Application Support", "Code", "User", "mcp.json"),
+        join(home, ".config", "Code", "User", "mcp.json"),
+        // Claude Code (CLI) — global + nested project configs live in ~/.claude.json.
+        join(home, ".claude.json"),
+        // Claude Desktop — macOS, Linux, and Windows (%APPDATA%) locations.
+        join(home, "Library", "Application Support", "Claude", "claude_desktop_config.json"),
+        join(home, ".config", "claude", "claude_desktop_config.json"),
+        // Windsurf / Codeium.
+        join(home, ".codeium", "windsurf", "mcp_config.json"),
+    ];
+    if (appData) {
+        out.push(join(appData, "Claude", "claude_desktop_config.json"));
+        out.push(join(appData, "Code", "User", "mcp.json"));
+    }
+    return out;
+}
+/** Scan shell rc files for `export CODELOOP_API_KEY=…` lines. */
+function scanRcFiles() {
     const home = userHome();
+    const out = [];
     for (const name of SHELL_RC_CANDIDATES) {
         const path = join(home, name);
         if (!existsSync(path))
@@ -73,45 +126,148 @@ function findExportLine(keyPrefix) {
         const lines = body.split("\n");
         for (let i = 0; i < lines.length; i += 1) {
             const line = lines[i] ?? "";
-            // Cheap pre-filter — most rc files never mention us.
             if (!line.includes("CODELOOP_API_KEY"))
                 continue;
-            // Match anything that looks like an export of our env var. We
-            // tolerate `export FOO=bar` with or without quotes, and the
-            // `setenv FOO bar` csh form for completeness.
-            const m = /(?:export\s+|setenv\s+)CODELOOP_API_KEY\s*[= ]\s*["']?([^"'\s]+)["']?/.exec(line);
+            // bash/zsh `export FOO=…` / csh `setenv FOO …` / fish `set -x FOO …`.
+            const m = /(?:export\s+|setenv\s+|set\s+(?:-x\s+|--export\s+)?)CODELOOP_API_KEY\s*[= ]\s*["']?([^"'\s]+)["']?/.exec(line);
             if (!m)
                 continue;
-            const raw = m[1] ?? "";
-            if (raw.slice(0, keyPrefix.length) !== keyPrefix)
+            out.push({ file: path, line: i + 1, value: m[1] ?? "" });
+        }
+    }
+    return out;
+}
+/** Scan PowerShell profiles for `$env:CODELOOP_API_KEY = "…"` / `setx` lines. */
+function scanPowerShellProfiles() {
+    const out = [];
+    const seen = new Set();
+    for (const path of powerShellProfileCandidates()) {
+        if (seen.has(path))
+            continue;
+        seen.add(path);
+        if (!existsSync(path))
+            continue;
+        let body;
+        try {
+            body = readFileSync(path, "utf-8");
+        }
+        catch {
+            continue;
+        }
+        const lines = body.split("\n");
+        for (let i = 0; i < lines.length; i += 1) {
+            const line = lines[i] ?? "";
+            if (!line.includes("CODELOOP_API_KEY"))
+                continue;
+            // `$env:CODELOOP_API_KEY = "…"` or `setx CODELOOP_API_KEY "…"`.
+            const m = /(?:\$env:CODELOOP_API_KEY\s*=\s*|setx\s+CODELOOP_API_KEY\s+)["']?([^"'\s]+)["']?/.exec(line);
+            if (!m)
                 continue;
-            return { file: path, line: i + 1 };
+            out.push({ file: path, line: i + 1, value: m[1] ?? "" });
         }
     }
-    return null;
+    return out;
+}
+/** Combined shell + PowerShell scan — the cross-platform rc-file equivalent. */
+function scanShellKeyFiles() {
+    return [...scanRcFiles(), ...scanPowerShellProfiles()];
+}
+/** Read the `api_key` value out of a project's `.codeloop/config.json`. */
+function scanProjectConfig(projectDir) {
+    const path = join(projectDir, ".codeloop", "config.json");
+    if (!existsSync(path))
+        return [];
+    let body;
+    try {
+        body = readFileSync(path, "utf-8");
+    }
+    catch {
+        return [];
+    }
+    const lines = body.split("\n");
+    for (let i = 0; i < lines.length; i += 1) {
+        const line = lines[i] ?? "";
+        if (!line.includes("api_key"))
+            continue;
+        const m = /"api_key"\s*:\s*"([^"]+)"/.exec(line);
+        if (!m)
+            continue;
+        return [{ file: path, line: i + 1, value: m[1] ?? "" }];
+    }
+    return [];
+}
+/** Scan mcp.json-style config files for a hardcoded `"CODELOOP_API_KEY": "…"`. */
+function scanMcpConfigs(projectDir) {
+    const out = [];
+    const seen = new Set();
+    for (const path of mcpConfigCandidates(projectDir)) {
+        if (seen.has(path))
+            continue;
+        seen.add(path);
+        if (!existsSync(path))
+            continue;
+        let body;
+        try {
+            body = readFileSync(path, "utf-8");
+        }
+        catch {
+            continue;
+        }
+        const lines = body.split("\n");
+        for (let i = 0; i < lines.length; i += 1) {
+            const line = lines[i] ?? "";
+            if (!line.includes("CODELOOP_API_KEY"))
+                continue;
+            // JSON form: "CODELOOP_API_KEY": "cl_live_…"
+            const m = /"CODELOOP_API_KEY"\s*:\s*"([^"]+)"/.exec(line);
+            if (!m)
+                continue;
+            out.push({ file: path, line: i + 1, value: m[1] ?? "" });
+        }
+    }
+    return out;
+}
+function prefixOf(value) {
+    return value.slice(0, 12);
 }
 /**
  * Resolve the source of the API key currently being presented to the
- * MCP server. Pass the same `apiKey` value the server uses (`process.env.CODELOOP_API_KEY || config.api_key`)
- * and the `projectDir` it discovered.
+ * MCP server. Pass the same `apiKey` value the server uses
+ * (`process.env.CODELOOP_API_KEY || config.api_key`) and the
+ * `projectDir` it discovered.
  *
- * Safe to call on every revoked-key error: scanning a handful of rc
- * files is microseconds and we cache nothing.
+ * Safe to call on every revoked-key error: scanning a handful of files
+ * is microseconds and we cache nothing.
  */
 export function identifyKeySource(apiKey, projectDir) {
     if (!apiKey || apiKey.trim() === "") {
         return { kind: "none" };
     }
-    const prefix = apiKey.slice(0, 12);
+    const prefix = prefixOf(apiKey);
+    const rcLines = scanShellKeyFiles();
+    const mcpLines = scanMcpConfigs(projectDir);
+    // mcp.json env blocks that hardcode THIS exact key — the effective
+    // override at runtime under Cursor / Claude Code.
+    const mcpHits = mcpLines
+        .filter((l) => l.value.slice(0, prefix.length) === prefix)
+        .map((l) => ({ file: l.file, line: l.line }));
+    // A DIFFERENT key sitting anywhere on disk — the one the user likely
+    // thinks is active but which the effective key is shadowing.
+    const shadowLine = [...mcpLines, ...rcLines].find((l) => l.value && l.value.slice(0, prefix.length) !== prefix);
+    const shadow = shadowLine
+        ? { key_prefix: prefixOf(shadowLine.value), file: shadowLine.file, line: shadowLine.line }
+        : undefined;
     // Branch 1: env var wins per the read order in index.ts.
     if (process.env.CODELOOP_API_KEY && process.env.CODELOOP_API_KEY === apiKey) {
-        const hit = findExportLine(prefix);
+        const rcHit = rcLines.find((l) => l.value.slice(0, prefix.length) === prefix);
         return {
             kind: "env",
             env_var: "CODELOOP_API_KEY",
-            file: hit?.file ?? null,
-            line: hit?.line ?? null,
+            file: rcHit?.file ?? null,
+            line: rcHit?.line ?? null,
             key_prefix: prefix,
+            mcp_config_files: mcpHits.length > 0 ? mcpHits : undefined,
+            shadow,
         };
     }
     // Branch 2: came from the project config.
@@ -119,14 +275,91 @@ export function identifyKeySource(apiKey, projectDir) {
         kind: "config",
         file: join(projectDir, ".codeloop", "config.json"),
         key_prefix: prefix,
+        mcp_config_files: mcpHits.length > 0 ? mcpHits : undefined,
+        shadow,
     };
 }
+/**
+ * Gather EVERY CodeLoop API key written anywhere on disk that could plausibly
+ * be the user's real key — shell rc files, PowerShell profiles, every
+ * mcp.json `env` block (all clients × OS), and the project's
+ * `.codeloop/config.json`. De-duplicated by full value, preserving the
+ * priority order (mcp.json first — it's what the IDE injects — then shell,
+ * then config).
+ *
+ * Used by the self-heal path: when the configured key is REVOKED we try each
+ * of these in turn so that as long as the user has ANY active key on disk,
+ * CodeLoop keeps working instead of hard-blocking.
+ */
+export function collectOnDiskKeys(projectDir) {
+    const groups = [
+        { origin: "mcp_config", lines: scanMcpConfigs(projectDir) },
+        { origin: "shell", lines: scanRcFiles() },
+        { origin: "powershell", lines: scanPowerShellProfiles() },
+        { origin: "config_json", lines: scanProjectConfig(projectDir) },
+    ];
+    const out = [];
+    const seenValues = new Set();
+    for (const g of groups) {
+        for (const l of g.lines) {
+            const value = (l.value ?? "").trim();
+            if (!value || seenValues.has(value))
+                continue;
+            seenValues.add(value);
+            out.push({
+                value,
+                key_prefix: prefixOf(value),
+                origin: g.origin,
+                file: l.file,
+                line: l.line,
+            });
+        }
+    }
+    return out;
+}
 /**
  * Build the user-facing fix instructions for a revoked-key situation.
  * Returned as a structured object so callers can embed it in the JSON
  * error envelope; rendering is up to the agent.
  */
 export function buildRevokedKeyDiagnostic(source) {
+    // The single highest-value case: the revoked key is hardcoded in one
+    // or more mcp.json env blocks. Those override the shell, so this is
+    // the file the user must edit — even though their shell may hold a
+    // perfectly active key.
+    const mcpFiles = source.mcp_config_files;
+    const shadow = source.shadow;
+    if ((source.kind === "env" || source.kind === "config") && mcpFiles && mcpFiles.length > 0) {
+        const fileList = mcpFiles
+            .map((h) => (h.line ? `${h.file} (line ${h.line})` : h.file))
+            .join(" and ");
+        const shadowNote = shadow
+            ? ` Your shell/config has a DIFFERENT key (${shadow.key_prefix}…) in ${shadow.file}, ` +
+                `but it is being IGNORED because the hardcoded mcp.json key takes precedence — ` +
+                `this is why your key looks active but isn't the one CodeLoop is using.`
+            : "";
+        const prefix = source.key_prefix ?? "your key";
+        return {
+            message: `Your API key (${prefix}…) is revoked. It is HARDCODED in the \`env\` block of ${fileList}, ` +
+                `which your IDE injects into the CodeLoop MCP server and which OVERRIDES any key exported in your shell ` +
+                `(~/.zshrc) or stored in .codeloop/config.json.${shadowNote} ` +
+                `Fix: replace the CODELOOP_API_KEY value in ${fileList} with an active key from ` +
+                `https://codeloop.tech/dashboard/keys (or DELETE that line to fall back to your shell/config key), ` +
+                `then fully reload the CodeLoop MCP server — toggle it off/on in your IDE's MCP settings, or restart the IDE.`,
+            source,
+            fix_steps: [
+                `# 1. Edit the mcp.json file(s) that hardcode the revoked key:`,
+                ...mcpFiles.map((h) => `open -e "${h.file}"`),
+                `# 2. In each "mcpServers" -> "codeloop" -> "env" block, set CODELOOP_API_KEY to an`,
+                `#    active key from https://codeloop.tech/dashboard/keys — OR delete the`,
+                `#    CODELOOP_API_KEY line entirely so the server uses your shell / .codeloop/config.json key.`,
+                ...(shadow
+                    ? [`#    (An active-looking key ${shadow.key_prefix}… already lives in ${shadow.file}.)`]
+                    : []),
+                `# 3. Reload the MCP server: toggle CodeLoop off/on in your IDE's MCP settings, or restart the IDE.`,
+            ],
+        };
+    }
     if (source.kind === "env") {
         const location = source.file && source.line
             ? `${source.file} line ${source.line}`