fullstackgtm 0.10.1 → 0.11.0

package/src/connectors/salesforceAuth.ts

@@ -155,13 +155,26 @@ export async function validateSalesforceToken(
   instanceUrl: string,
   fetchImpl: typeof fetch = fetch,
 ): Promise<{ ok: boolean; detail: string }> {
-  const response = await fetchImpl(
-    `${instanceUrl.replace(/\/$/, "")}/services/oauth2/userinfo`,
-    { headers: { Authorization: `Bearer ${accessToken}` } },
-  );
+  let response: Response;
+  try {
+    response = await fetchImpl(
+      `${instanceUrl.replace(/\/$/, "")}/services/oauth2/userinfo`,
+      { headers: { Authorization: `Bearer ${accessToken}` } },
+    );
+  } catch (error) {
+    const cause = error instanceof Error && error.cause instanceof Error ? `: ${error.cause.message}` : "";
+    return {
+      ok: false,
+      detail: `Cannot reach Salesforce at ${instanceUrl}${cause}. Check the --instance-url (your My Domain URL, e.g. https://yourco.my.salesforce.com) and network access.`,
+    };
+  }
   if (response.ok) {
     return { ok: true, detail: "Token accepted by the Salesforce API." };
   }
-  const body = await response.text();
-  return { ok: false, detail: `Salesforce rejected the token (${response.status}): ${body}` };
+  // Never echo the response body: provider error payloads can reflect request
+  // details and end up in logs or shell scrollback.
+  return {
+    ok: false,
+    detail: `Salesforce rejected the token: HTTP ${response.status} ${response.statusText}`.trim(),
+  };
 }

package/src/credentials.ts

@@ -2,6 +2,7 @@ import {
   chmodSync,
   existsSync,
   mkdirSync,
+  readdirSync,
   readFileSync,
   unlinkSync,
   writeFileSync,
@@ -15,8 +16,63 @@ import { refreshSalesforceToken } from "./connectors/salesforceAuth.ts";
  * Local CLI credential store: ~/.fullstackgtm/credentials.json (0600), or
  * $FSGTM_HOME/credentials.json when set. Environment tokens always win over
  * stored credentials so CI and agent sandboxes never touch the filesystem.
+ *
+ * Profiles let one operator hold credentials for several organizations at
+ * once (a consultant working across client CRMs). The default profile keeps
+ * the historical layout; a named profile scopes the entire home — credentials
+ * AND stored plans — under `profiles/<name>/`, so a patch plan proposed
+ * against one client's CRM can never be applied through another client's
+ * credentials.
  */
 
+export const DEFAULT_PROFILE = "default";
+
+const PROFILE_NAME_PATTERN = /^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$/;
+
+let explicitProfile: string | null = null;
+
+export function validateProfileName(name: string): string {
+  if (!PROFILE_NAME_PATTERN.test(name) || name === "." || name === "..") {
+    throw new Error(
+      `Invalid profile name: ${JSON.stringify(name)}. Use letters, numbers, dots, dashes, ` +
+        "or underscores (must start with a letter or number, max 64 characters).",
+    );
+  }
+  return name;
+}
+
+/** Select the profile for this process; wins over $FULLSTACKGTM_PROFILE. */
+export function setActiveProfile(name: string) {
+  explicitProfile = validateProfileName(name);
+}
+
+export function activeProfile(): string {
+  if (explicitProfile) return explicitProfile;
+  const fromEnv = process.env.FULLSTACKGTM_PROFILE;
+  return fromEnv ? validateProfileName(fromEnv) : DEFAULT_PROFILE;
+}
+
+/** Base home directory, shared by every profile. */
+export function baseHomeDir(): string {
+  return process.env.FSGTM_HOME ?? join(homedir(), ".fullstackgtm");
+}
+
+/**
+ * Profiles that exist on disk (have a directory), always including the
+ * default profile. Existence does not imply stored credentials.
+ */
+export function listProfiles(): string[] {
+  const names = new Set([DEFAULT_PROFILE]);
+  try {
+    for (const entry of readdirSync(join(baseHomeDir(), "profiles"), { withFileTypes: true })) {
+      if (entry.isDirectory() && PROFILE_NAME_PATTERN.test(entry.name)) names.add(entry.name);
+    }
+  } catch {
+    // No profiles directory yet.
+  }
+  return Array.from(names).sort();
+}
+
 export type StoredCredential = {
   kind: "private_app" | "oauth" | "broker";
   accessToken: string;
@@ -43,7 +99,9 @@ type CredentialsFile = {
 };
 
 export function credentialsDir(): string {
-  return process.env.FSGTM_HOME ?? join(homedir(), ".fullstackgtm");
+  const base = baseHomeDir();
+  const profile = activeProfile();
+  return profile === DEFAULT_PROFILE ? base : join(base, "profiles", profile);
 }
 
 export function credentialsPath(): string {
@@ -59,11 +117,18 @@ export function credentialsPath(): string {
  */
 export function ensureSecureHomeDir(): string {
   const dir = credentialsDir();
-  mkdirSync(dir, { recursive: true, mode: 0o700 });
-  try {
-    chmodSync(dir, 0o700);
-  } catch {
-    // Non-POSIX filesystems (e.g. Windows) ignore chmod; nothing to enforce.
+  // A named profile nests under base/profiles/<name>; lock down every level
+  // we create, not just the leaf — recursive mkdir applies `mode` (less
+  // umask) only to directories it creates, and never to pre-existing ones.
+  const levels =
+    dir === baseHomeDir() ? [dir] : [baseHomeDir(), join(baseHomeDir(), "profiles"), dir];
+  for (const level of levels) {
+    mkdirSync(level, { recursive: true, mode: 0o700 });
+    try {
+      chmodSync(level, 0o700);
+    } catch {
+      // Non-POSIX filesystems (e.g. Windows) ignore chmod; nothing to enforce.
+    }
   }
   return dir;
 }

package/src/index.ts

@@ -34,12 +34,16 @@ export {
 } from "./connectors/salesforceAuth.ts";
 export { createStripeConnector, type StripeConnectorOptions } from "./connectors/stripe.ts";
 export {
+  activeProfile,
   credentialsDir,
   credentialsPath,
+  DEFAULT_PROFILE,
   deleteCredential,
   getCredential,
+  listProfiles,
   resolveHubspotAccessToken,
   resolveHubspotConnection,
+  setActiveProfile,
   storeCredential,
   type HubspotConnection,
   type StoredCredential,
@@ -64,6 +68,7 @@ export {
 } from "./merge.ts";
 export { createFilePlanStore, type PlanStore, type StoredPlan } from "./planStore.ts";
 export { formatPatchPlanRun, patchPlanToMarkdown } from "./format.ts";
+export { auditReportToHtml, auditReportToMarkdown, type ReportOptions } from "./report.ts";
 export {
   HUBSPOT_DEFAULT_FIELD_MAPPINGS,
   SALESFORCE_DEFAULT_FIELD_MAPPINGS,
@@ -83,6 +88,7 @@ export {
   closingSoonInactiveRule,
   duplicateAccountDomainRule,
   duplicateContactEmailRule,
+  duplicateOpenDealRule,
   missingDealAccountRule,
   missingDealAmountRule,
   missingDealOwnerRule,
@@ -93,6 +99,7 @@ export {
   staleDealRule,
 } from "./rules.ts";
 export { sampleSnapshot } from "./sampleData.ts";
+export { suggestValues, type SuggestionConfidence, type ValueSuggestion } from "./suggest.ts";
 export type {
   ApprovalStatus,
   AuditFinding,

package/src/mcp.ts

@@ -46,6 +46,7 @@ import type { FieldMappings } from "./mappings.ts";
 import { formatPatchPlanRun, patchPlanToMarkdown } from "./format.ts";
 import { builtinAuditRules } from "./rules.ts";
 import { sampleSnapshot } from "./sampleData.ts";
+import { suggestValues } from "./suggest.ts";
 import type { CanonicalGtmSnapshot, GtmConnector, PatchPlan } from "./types.ts";
 
 function content(value: unknown) {
@@ -166,6 +167,27 @@ export async function startMcpServer() {
     },
   );
 
+  server.registerTool(
+    "fullstackgtm_suggest",
+    {
+      title: "Suggest Placeholder Values",
+      description:
+        "Derive values for a plan's requires_human_* placeholder operations from snapshot " +
+        "evidence (account-name matching, contact associations), with confidence levels and " +
+        "reasons. Read-only; feed accepted values into fullstackgtm_apply's valueOverrides.",
+      inputSchema: {
+        planPath: z.string(),
+        provider: z.enum(["sample", "demo", "hubspot", "salesforce", "stripe"]).optional(),
+        inputPath: z.string().optional(),
+      },
+    },
+    async ({ planPath, provider, inputPath }) => {
+      const plan = JSON.parse(readFileSync(resolve(process.cwd(), planPath), "utf8")) as PatchPlan;
+      const snapshot = await readSnapshot(provider, inputPath);
+      return content({ suggestions: suggestValues(plan, snapshot) });
+    },
+  );
+
   server.registerTool(
     "fullstackgtm_rules",
     {