gufi-cli 0.1.50 → 0.1.52

package/dist/commands/docs.js

@@ -9,12 +9,8 @@
  */
 import * as fs from "fs";
 import * as path from "path";
-import { fileURLToPath } from "url";
 import chalk from "chalk";
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = path.dirname(__filename);
-// docs/mcp path relative to CLI
-const DOCS_MCP_PATH = path.resolve(__dirname, "../../../../docs/mcp");
+import { DOCS_MCP_PATH } from "../lib/docs-resolver.js";
 // Topic to file mapping
 const TOPIC_FILES = {
     overview: { file: "00-overview.md", description: "Overview and workflow" },

package/dist/index.js

@@ -428,6 +428,7 @@ program
 program
     .command("mcp")
     .description("Start MCP server for Claude integration (stdio transport)")
+    .option("--company <id>", "Company ID for role-based tool filtering (Workforce mode)")
     .action(startMcpServer);
 // ════════════════════════════════════════════════════════════════════
 // 💜 Claude Code Integration

package/dist/lib/docs-resolver.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Resolves documentation paths for both development (monorepo) and global install.
+ *
+ * - Global install: docs are bundled at <pkg>/docs/
+ * - Development:    docs live at <monorepo>/docs/
+ */
+export declare const DOCS_MCP_PATH: string;
+export declare const DOCS_DEV_GUIDE_PATH: string;

package/dist/lib/docs-resolver.js

@@ -0,0 +1,27 @@
+/**
+ * Resolves documentation paths for both development (monorepo) and global install.
+ *
+ * - Global install: docs are bundled at <pkg>/docs/
+ * - Development:    docs live at <monorepo>/docs/
+ */
+import * as fs from "fs";
+import * as path from "path";
+import { fileURLToPath } from "url";
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+// Package root: from dist/lib/ go up 2 levels
+const PKG_ROOT = path.resolve(__dirname, "../..");
+function resolveDocsPath(subdir) {
+    // 1. Package-local (global install): <pkg>/docs/<subdir>
+    const localPath = path.join(PKG_ROOT, "docs", subdir);
+    if (fs.existsSync(localPath))
+        return localPath;
+    // 2. Monorepo (development): <pkg>/../../docs/<subdir>
+    const monorepoPath = path.resolve(PKG_ROOT, "../../docs", subdir);
+    if (fs.existsSync(monorepoPath))
+        return monorepoPath;
+    // Fallback to local path (will fail gracefully downstream)
+    return localPath;
+}
+export const DOCS_MCP_PATH = resolveDocsPath("mcp");
+export const DOCS_DEV_GUIDE_PATH = resolveDocsPath("dev-guide");

package/dist/mcp.d.ts

@@ -10,4 +10,6 @@
  *
  * The MCP server exposes all CLI functionality as tools that Claude can call.
  */
-export declare function startMcpServer(): Promise<void>;
+export declare function startMcpServer(options?: {
+    company?: string;
+}): Promise<void>;

package/dist/mcp.js

@@ -48,10 +48,8 @@ const COLUMN_TYPE_NAMES = [
 // For ES modules __dirname equivalent
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
-// docs/mcp path relative to CLI
-const DOCS_MCP_PATH = path.resolve(__dirname, "../../../docs/mcp");
-// docs/dev-guide path for integration docs
-const DOCS_DEV_GUIDE_PATH = path.resolve(__dirname, "../../../docs/dev-guide");
+// Docs paths - resolved for both global install and monorepo dev
+import { DOCS_MCP_PATH, DOCS_DEV_GUIDE_PATH } from "./lib/docs-resolver.js";
 /**
  * Parse frontmatter from markdown content
  */
@@ -587,6 +585,47 @@ function getDesc(toolName, fallback = "") {
 }
 // Environment parameter description (reused across tools)
 const ENV_PARAM = { type: "string", description: "Environment: 'prod' (default) or 'dev'. Use 'dev' for development against localhost:3000" };
+// ════════════════════════════════════════════════════════════════════════════
+// Workforce Mode - Role-based tool filtering
+// ════════════════════════════════════════════════════════════════════════════
+const ADMIN_ROLES = ['admin', 'superadmin', 'consultant'];
+function hasAdminAccess(roles) {
+    return roles.some(r => ADMIN_ROLES.includes(r.toLowerCase()));
+}
+// Tools that require Admin/Consultant role
+const ADMIN_ONLY_TOOLS = [
+    'gufi_schema_modify',
+    'gufi_env',
+    'gufi_automation_scripts',
+    'gufi_automation_meta',
+    'gufi_view_pull',
+    'gufi_view_push',
+    'gufi_view_test',
+    'gufi_browse',
+    'gufi_endpoints',
+];
+// Workforce state (null = developer mode, everything allowed)
+let workforceState = null;
+function checkEntityWritePermission(table, action, state) {
+    const entityPerms = state.entityPermissions[table];
+    if (!entityPerms)
+        return false;
+    const permMap = {
+        create: 'entity:edit',
+        update: 'entity:edit',
+        delete: 'entity:delete',
+    };
+    const required = permMap[action];
+    for (const role of state.roles) {
+        const perms = entityPerms[role];
+        if (perms === '*')
+            return true;
+        if (Array.isArray(perms) && (perms.includes(required) || perms.includes(`${required}_own`))) {
+            return true;
+        }
+    }
+    return false;
+}
 const TOOLS = [
     // ─────────────────────────────────────────────────────────────────────────
     // Context & Info
@@ -944,6 +983,61 @@ Examples:
         },
     },
     // ─────────────────────────────────────────────────────────────────────────
+    // Browse - Headless browser for any Gufi page
+    // ─────────────────────────────────────────────────────────────────────────
+    {
+        name: "gufi_browse",
+        description: `Browse any Gufi page in headless browser. Returns console logs, errors, API calls, and screenshot.
+
+Use to visually verify UI changes, test dialogs, check table layouts, etc.
+
+3 ways to specify the page:
+  entity: 'ventas.productos' → opens the table view (resolves module/entity automatically)
+  page: 'home' | 'automations' | 'audit' | 'views' | 'env-variables' | 'endpoints' | 'integrations' | 'agents' | 'organization' | 'database'
+  path: '/150/m308_t4136' → any raw frontend path
+
+Examples:
+  gufi_browse({ entity: 'ventas.productos', company_id: '150' })
+  gufi_browse({ page: 'home', company_id: '150' })
+  gufi_browse({ page: 'automations', company_id: '150' })
+  gufi_browse({ entity: 'ventas.productos', company_id: '150', actions: [{ type: 'click', selector: 'text:Exportar' }, { type: 'delay', ms: 500 }] })`,
+        inputSchema: {
+            type: "object",
+            properties: {
+                path: { type: "string", description: "Raw URL path (e.g., '/150/m308_t4136'). Use entity or page shortcuts instead when possible." },
+                entity: { type: "string", description: "Entity shortcut in 'module.entity' format (e.g., 'ventas.productos'). Resolves to table view automatically." },
+                page: { type: "string", description: "Page shortcut: home, automations, audit, views, env-variables, endpoints, integrations, agents, organization, database" },
+                company_id: { type: "string", description: "Company ID for authentication context" },
+                timeout: { type: "number", description: "Navigation timeout in ms (default: 15000)" },
+                actions: {
+                    type: "array",
+                    description: `Actions to perform after page loads. Same as gufi_view_test.
+- Explore: {type:'explore'}
+- Click: {type:'click', selector:'text:Exportar'}
+- Screenshot: {type:'screenshot'}
+- Delay: {type:'delay', ms:1000}
+- Fill: {type:'fill', selector:'input[name=q]', value:'test'}`,
+                    items: {
+                        type: "object",
+                        properties: {
+                            type: { type: "string", description: "explore, click, closeModals, fill, clear, select, wait, waitForText, delay, scroll, hover, screenshot, getText, eval" },
+                            selector: { type: "string", description: "CSS selector OR 'text:Button Text'" },
+                            value: { type: "string", description: "Value for fill/select" },
+                            text: { type: "string", description: "Text to wait for (waitForText)" },
+                            ms: { type: "number", description: "Milliseconds for delay" },
+                            y: { type: "number", description: "Pixels to scroll" },
+                            timeout: { type: "number", description: "Timeout for wait (default 5000)" },
+                            code: { type: "string", description: "JS code for eval action" },
+                        },
+                    },
+                },
+                capture_screenshot: { type: "boolean", description: "Include base64 screenshot (default: true)" },
+                env: ENV_PARAM,
+            },
+            required: ["company_id"],
+        },
+    },
+    // ─────────────────────────────────────────────────────────────────────────
     // 💜 DISABLED: Packages (not actively used, keeping MCP simple)
     // ─────────────────────────────────────────────────────────────────────────
     // gufi_package → Re-enable when marketplace packages become priority
@@ -1806,11 +1900,6 @@ const toolHandlers = {
             // 💜 CLI: Save to ~/gufi-dev/company_<id>/view_<id>/
             const viewDir = path.join(LOCAL_VIEWS_DIR, `company_${companyId}`, `view_${viewId}`);
             fs.mkdirSync(viewDir, { recursive: true });
-            // 💜 Migrate: if old path exists (~/gufi-dev/view_<id>/), remove it
-            const oldViewDir = path.join(LOCAL_VIEWS_DIR, `view_${viewId}`);
-            if (fs.existsSync(oldViewDir)) {
-                fs.rmSync(oldViewDir, { recursive: true, force: true });
-            }
             // 💜 Get latest snapshot for version tracking
             let latestSnapshot;
             try {
@@ -1890,7 +1979,6 @@ const toolHandlers = {
         }
         // 💜 Try to get company_id from view metadata if not provided
         if (!companyId && useLocal) {
-            // Try new path first (company_*/view_*)
             const companyDirs = fs.existsSync(LOCAL_VIEWS_DIR)
                 ? fs.readdirSync(LOCAL_VIEWS_DIR).filter(d => d.startsWith("company_"))
                 : [];
@@ -1906,18 +1994,6 @@ const toolHandlers = {
                     break;
                 }
             }
-            // Fallback: old path (view_*)
-            if (!companyId) {
-                const oldMetaPath = path.join(LOCAL_VIEWS_DIR, `view_${viewId}`, ".gufi-view.json");
-                if (fs.existsSync(oldMetaPath)) {
-                    try {
-                        const meta = JSON.parse(fs.readFileSync(oldMetaPath, "utf-8"));
-                        if (meta.company_id)
-                            companyId = String(meta.company_id);
-                    }
-                    catch { /* ignore */ }
-                }
-            }
         }
         if (!companyId) {
             throw new Error("company_id is required. Pass it as parameter or pull the view first.");
@@ -1925,12 +2001,8 @@ const toolHandlers = {
         let files = [];
         let lastPulledSnapshot;
         if (useLocal) {
-            // 💜 CLI: Read from ~/gufi-dev/company_<id>/view_<id>/ (or legacy ~/gufi-dev/view_<id>/)
-            let viewDir = path.join(LOCAL_VIEWS_DIR, `company_${companyId}`, `view_${viewId}`);
-            if (!fs.existsSync(viewDir)) {
-                // Fallback to old path
-                viewDir = path.join(LOCAL_VIEWS_DIR, `view_${viewId}`);
-            }
+            // 💜 CLI: Read from ~/gufi-dev/company_<id>/view_<id>/
+            const viewDir = path.join(LOCAL_VIEWS_DIR, `company_${companyId}`, `view_${viewId}`);
             if (!fs.existsSync(viewDir)) {
                 throw new Error(`View directory not found. Run gufi_view_pull({ view_id: ${viewId}, company_id: '${companyId}' }) first.`);
             }
@@ -2055,9 +2127,7 @@ const toolHandlers = {
         }
         // 💜 Update local metadata with new snapshot number (for version tracking)
         if (useLocal && result.snapshot) {
-            let viewDir = path.join(LOCAL_VIEWS_DIR, `company_${companyId}`, `view_${viewId}`);
-            if (!fs.existsSync(viewDir))
-                viewDir = path.join(LOCAL_VIEWS_DIR, `view_${viewId}`);
+            const viewDir = path.join(LOCAL_VIEWS_DIR, `company_${companyId}`, `view_${viewId}`);
             const metaPath = path.join(viewDir, ".gufi-view.json");
             if (fs.existsSync(metaPath)) {
                 try {
@@ -2189,6 +2259,58 @@ const toolHandlers = {
     },
     // gufi_view_create removed - views are created from UI, edited via pull/push
     // ─────────────────────────────────────────────────────────────────────────
+    // Browse - Headless browser for any page
+    // ─────────────────────────────────────────────────────────────────────────
+    async gufi_browse(params) {
+        const { path, entity, page, company_id, timeout, actions, capture_screenshot = true, env } = params;
+        if (!path && !entity && !page) {
+            return { error: "One of path, entity, or page is required" };
+        }
+        const result = await apiRequest("/api/cli/browse", {
+            method: "POST",
+            body: JSON.stringify({
+                path,
+                entity,
+                page,
+                company_id,
+                timeout: timeout || 15000,
+                actions: actions || [],
+                capture_screenshot,
+            }),
+        }, company_id, true, env);
+        const response = {
+            success: result.success,
+            url: result.url,
+            duration_ms: result.duration_ms,
+        };
+        if (result.console?.errors?.length > 0)
+            response.console_errors = result.console.errors;
+        if (result.console?.warnings?.length > 0)
+            response.console_warnings = result.console.warnings;
+        if (result.console?.logs?.length > 0)
+            response.console_logs = result.console.logs;
+        if (result.errors?.length > 0)
+            response.errors = result.errors;
+        const failedCalls = (result.api_calls || []).filter((c) => c.status >= 400);
+        if (failedCalls.length > 0)
+            response.failed_api_calls = failedCalls;
+        response.dom = result.dom;
+        if (result.actions?.length > 0)
+            response.actions = result.actions;
+        if (result.screenshot)
+            response.screenshot = result.screenshot;
+        if (!result.success) {
+            response._hint = `Browse failed: ${result.error}. Check console_errors and errors for details.`;
+        }
+        else if (result.errors?.length > 0 || result.console?.errors?.length > 0) {
+            response._hint = "Page loaded but has errors. Check console_errors and errors arrays.";
+        }
+        else {
+            response._hint = "Page loaded successfully. Check screenshot to verify visual appearance.";
+        }
+        return response;
+    },
+    // ─────────────────────────────────────────────────────────────────────────
     // Packages
     // ─────────────────────────────────────────────────────────────────────────
     async gufi_package(params) {
@@ -2690,16 +2812,71 @@ async function handleRequest(request) {
             case "notifications/initialized":
                 // No response needed for notifications
                 break;
-            case "tools/list":
+            case "tools/list": {
+                let visibleTools = TOOLS;
+                if (workforceState && !workforceState.isAdmin) {
+                    visibleTools = TOOLS.filter(t => !ADMIN_ONLY_TOOLS.includes(t.name));
+                    // Check if user has write on ANY entity - if not, adjust gufi_data description
+                    const hasAnyWrite = Object.values(workforceState.entityPermissions).some((perms) => {
+                        for (const role of workforceState.roles) {
+                            const p = perms[role];
+                            if (p === '*' || (Array.isArray(p) && p.some((x) => x.includes('edit'))))
+                                return true;
+                        }
+                        return false;
+                    });
+                    if (!hasAnyWrite) {
+                        visibleTools = visibleTools.map(t => {
+                            if (t.name !== 'gufi_data')
+                                return t;
+                            return {
+                                ...t,
+                                description: t.description.replace(/create:.*?delete:.*?\n/gs, '') + '\n\nNote: Your role only has read access (list, get, aggregate).',
+                            };
+                        });
+                    }
+                }
                 sendResponse({
                     jsonrpc: "2.0",
                     id,
-                    result: { tools: TOOLS },
+                    result: { tools: visibleTools },
                 });
                 break;
+            }
             case "tools/call": {
                 const toolName = params?.name;
                 const toolParams = params?.arguments || {};
+                // Workforce permission check
+                if (workforceState && !workforceState.isAdmin) {
+                    if (ADMIN_ONLY_TOOLS.includes(toolName)) {
+                        sendResponse({
+                            jsonrpc: "2.0",
+                            id,
+                            result: {
+                                content: [{ type: "text", text: JSON.stringify({
+                                            error: `Permission denied: tool '${toolName}' requires Admin/Consultant role. Your roles: [${workforceState.roles.join(', ')}]`
+                                        }, null, 2) }],
+                                isError: true,
+                            },
+                        });
+                        return;
+                    }
+                    if (toolName === 'gufi_data' && ['create', 'update', 'delete'].includes(toolParams.action)) {
+                        if (!checkEntityWritePermission(toolParams.table, toolParams.action, workforceState)) {
+                            sendResponse({
+                                jsonrpc: "2.0",
+                                id,
+                                result: {
+                                    content: [{ type: "text", text: JSON.stringify({
+                                                error: `Permission denied: your role cannot '${toolParams.action}' on table '${toolParams.table}'`
+                                            }, null, 2) }],
+                                    isError: true,
+                                },
+                            });
+                            return;
+                        }
+                    }
+                }
                 const handler = toolHandlers[toolName];
                 if (!handler) {
                     sendError(id, -32601, `Unknown tool: ${toolName}`);
@@ -2771,7 +2948,7 @@ async function handleRequest(request) {
         sendError(id, -32603, err.message);
     }
 }
-export async function startMcpServer() {
+export async function startMcpServer(options) {
     // Check if logged in
     if (!isLoggedIn()) {
         const token = await autoLogin();
@@ -2780,6 +2957,27 @@ export async function startMcpServer() {
             process.exit(1);
         }
     }
+    // Workforce mode: fetch user permissions for the specified company
+    if (options?.company) {
+        try {
+            const env = getDefaultEnv();
+            const perms = await apiRequestWithEnv("/api/cli/my-permissions", {}, options.company, env);
+            workforceState = {
+                companyId: options.company,
+                roles: perms.roles || [],
+                platformRole: perms.platform_role || 'client',
+                isAdmin: hasAdminAccess(perms.roles || []),
+                entityPermissions: Object.fromEntries((perms.entity_permissions || []).map((e) => [
+                    `${e.module_name}.${e.name}`, e.permissions
+                ])),
+            };
+            console.error(`[gufi-mcp] Workforce mode: company=${options.company}, roles=[${workforceState.roles}], admin=${workforceState.isAdmin}`);
+        }
+        catch (err) {
+            console.error(`[gufi-mcp] Failed to fetch permissions: ${err.message}`);
+            process.exit(1);
+        }
+    }
     const rl = readline.createInterface({
         input: process.stdin,
         output: process.stdout,