kickload-watcher-mcp 0.1.6 → 0.1.7

package/compliance-poller.js

@@ -1,215 +1,216 @@
-// compliance-poller.js — Polls Anthropic Compliance API for new Claude Code sessions
-// Enterprise plan required. Enable at:
-// platform.claude.com → Organization Settings → Data and Privacy → Compliance API
-
-import { config } from "./config.js";
-
-let lastEventTimestamp = null;
-let pollingInterval = null;
-const sessionCallbacks = [];
-
-/**
- * Register a callback to be called when a new API-related session is detected.
- * Callback receives: { userId, sessionId, generatedCode, prompt, timestamp }
- */
-export function onNewSession(callback) {
-  sessionCallbacks.push(callback);
-}
-
-/**
- * Start polling the Compliance API on the configured interval.
- */
-export function startCompliancePoller() {
-  if (!config.anthropic.complianceApiKey) {
-    console.warn("⚠️  ANTHROPIC_COMPLIANCE_API_KEY not set.");
-    console.warn("   Compliance API polling disabled.");
-    console.warn("   File watcher will be the only trigger.");
-    return;
-  }
-
-  console.log(
-    `🔍 Compliance API poller started (every ${config.anthropic.pollIntervalMs / 1000}s)`
-  );
-
-  // Set initial timestamp to now so we only pick up new events
-  lastEventTimestamp = new Date().toISOString();
-
-  pollingInterval = setInterval(async () => {
-    try {
-      await pollComplianceEvents();
-    } catch (err) {
-      console.error("❌ Compliance API poll failed:", err.message);
-    }
-  }, config.anthropic.pollIntervalMs);
-
-  // Run immediately on start
-  pollComplianceEvents().catch((err) =>
-    console.error("❌ Initial compliance poll failed:", err.message)
-  );
-}
-
-/**
- * Stop the compliance poller.
- */
-export function stopCompliancePoller() {
-  if (pollingInterval) {
-    clearInterval(pollingInterval);
-    pollingInterval = null;
-    console.log("⏹  Compliance API poller stopped.");
-  }
-}
-
-/**
- * Fetch recent events from the Compliance API and filter for API-related code.
- */
-async function pollComplianceEvents() {
-  const url = new URL(`${config.anthropic.complianceBaseUrl}/organizations/audit-log`);
-
-  if (lastEventTimestamp) {
-    url.searchParams.set("after", lastEventTimestamp);
-  }
-
-  url.searchParams.set("limit", "50");
-
-  const response = await fetch(url.toString(), {
-    method: "GET",
-    headers: {
-      "anthropic-organization-key": config.anthropic.complianceApiKey,
-      "Content-Type": "application/json",
-    },
-  });
-
-  if (!response.ok) {
-    const body = await response.text();
-    throw new Error(`Compliance API ${response.status}: ${body}`);
-  }
-
-  const data = await response.json();
-  const events = data.events || data.data || [];
-
-  if (events.length === 0) return;
-
-  // Update timestamp to latest event so we don't re-process
-  const latest = events[events.length - 1];
-  if (latest.created_at) {
-    lastEventTimestamp = latest.created_at;
-  }
-
-  // Filter events that contain API-related code
-  for (const event of events) {
-    const session = extractApiSession(event);
-    if (session) {
-      console.log(`📡 New API session detected from user: ${session.userId}`);
-      for (const cb of sessionCallbacks) {
-        try {
-          await cb(session);
-        } catch (err) {
-          console.error("❌ Session callback error:", err.message);
-        }
-      }
-    }
-  }
-}
-
-/**
- * Extract relevant session data from a compliance event.
- * Returns null if the event doesn't contain API-related code.
- */
-function extractApiSession(event) {
-  try {
-    // Compliance API event structure
-    const userId =
-      event.actor?.id ||
-      event.user_id ||
-      event.actor?.user_id ||
-      null;
-
-    const sessionId = event.id || event.session_id || null;
-    const timestamp = event.created_at || new Date().toISOString();
-
-    // Get message content — structure varies by event type
-    const messages =
-      event.payload?.messages ||
-      event.messages ||
-      event.content?.messages ||
-      [];
-
-    // Look through messages for generated code with API endpoints
-    let generatedCode = null;
-    let userPrompt = null;
-
-    for (const msg of messages) {
-      // Capture the user's original prompt
-      if (msg.role === "user" && typeof msg.content === "string") {
-        userPrompt = msg.content;
-      }
-
-      // Look for assistant response containing API code
-      if (msg.role === "assistant") {
-        const content =
-          typeof msg.content === "string"
-            ? msg.content
-            : Array.isArray(msg.content)
-            ? msg.content.map((b) => b.text || "").join("\n")
-            : "";
-
-        // Detect if this looks like API endpoint code
-        if (containsApiCode(content)) {
-          generatedCode = content;
-        }
-      }
-    }
-
-    // Only return if we found actual API code
-    if (!generatedCode || !userId) return null;
-
-    return {
-      userId,
-      sessionId,
-      generatedCode,
-      prompt: userPrompt || "No prompt captured",
-      timestamp,
-      source: "compliance_api",
-    };
-  } catch (err) {
-    return null;
-  }
-}
-
-/**
- * Detect if code content contains API endpoint definitions.
- * Covers Express, Flask, FastAPI, Django, Spring, Go, Rails patterns.
- */
-function containsApiCode(content) {
-  const apiPatterns = [
-    // JavaScript/Node.js (Express, Fastify, Hapi)
-    /app\.(get|post|put|patch|delete|use)\s*\(\s*['"`]/i,
-    /router\.(get|post|put|patch|delete)\s*\(\s*['"`]/i,
-    /fastify\.(get|post|put|patch|delete)\s*\(\s*['"`]/i,
-
-    // Python (Flask, FastAPI, Django)
-    /@app\.route\s*\(\s*['"`]/i,
-    /@router\.(get|post|put|patch|delete)\s*\(\s*['"`]/i,
-    /path\s*\(\s*['"`][^'"]+['"`]\s*,/i,
-    /@app\.(get|post|put|patch|delete)\s*\(\s*['"`]/i,
-
-    // Go (net/http, gin, echo)
-    /http\.HandleFunc\s*\(\s*['"`]/i,
-    /r\.(GET|POST|PUT|PATCH|DELETE)\s*\(\s*['"`]/i,
-    /e\.(GET|POST|PUT|PATCH|DELETE)\s*\(\s*['"`]/i,
-
-    // Java/Spring
-    /@(Get|Post|Put|Delete|Patch)Mapping\s*\(\s*['"`]/i,
-    /@RequestMapping\s*\(/i,
-
-    // Ruby on Rails
-    /resources\s+:/i,
-    /get\s+['"`][^'"]+['"`]\s*,\s*to:/i,
-
-    // General endpoint patterns
-    /\/api\//i,
-    /endpoint/i,
-  ];
-
-  return apiPatterns.some((pattern) => pattern.test(content));
-}
+// compliance-poller.js — Polls Anthropic Compliance API for new Claude Code sessions
+// Enterprise plan required. Enable at:
+// platform.claude.com → Organization Settings → Data and Privacy → Compliance API
+
+import { config } from "./config.js";
+import fetch from "node-fetch";
+
+let lastEventTimestamp = null;
+let pollingInterval = null;
+const sessionCallbacks = [];
+
+/**
+ * Register a callback to be called when a new API-related session is detected.
+ * Callback receives: { userId, sessionId, generatedCode, prompt, timestamp }
+ */
+export function onNewSession(callback) {
+  sessionCallbacks.push(callback);
+}
+
+/**
+ * Start polling the Compliance API on the configured interval.
+ */
+export function startCompliancePoller() {
+  if (!config.anthropic.complianceApiKey) {
+    console.warn("⚠️  ANTHROPIC_COMPLIANCE_API_KEY not set.");
+    console.warn("   Compliance API polling disabled.");
+    console.warn("   File watcher will be the only trigger.");
+    return;
+  }
+
+  console.log(
+    `🔍 Compliance API poller started (every ${config.anthropic.pollIntervalMs / 1000}s)`
+  );
+
+  // Set initial timestamp to now so we only pick up new events
+  lastEventTimestamp = new Date().toISOString();
+
+  pollingInterval = setInterval(async () => {
+    try {
+      await pollComplianceEvents();
+    } catch (err) {
+      console.error("❌ Compliance API poll failed:", err.message);
+    }
+  }, config.anthropic.pollIntervalMs);
+
+  // Run immediately on start
+  pollComplianceEvents().catch((err) =>
+    console.error("❌ Initial compliance poll failed:", err.message)
+  );
+}
+
+/**
+ * Stop the compliance poller.
+ */
+export function stopCompliancePoller() {
+  if (pollingInterval) {
+    clearInterval(pollingInterval);
+    pollingInterval = null;
+    console.log("⏹  Compliance API poller stopped.");
+  }
+}
+
+/**
+ * Fetch recent events from the Compliance API and filter for API-related code.
+ */
+async function pollComplianceEvents() {
+  const url = new URL(`${config.anthropic.complianceBaseUrl}/organizations/audit-log`);
+
+  if (lastEventTimestamp) {
+    url.searchParams.set("after", lastEventTimestamp);
+  }
+
+  url.searchParams.set("limit", "50");
+
+  const response = await fetch(url.toString(), {
+    method: "GET",
+    headers: {
+      "anthropic-organization-key": config.anthropic.complianceApiKey,
+      "Content-Type": "application/json",
+    },
+  });
+
+  if (!response.ok) {
+    const body = await response.text();
+    throw new Error(`Compliance API ${response.status}: ${body}`);
+  }
+
+  const data = await response.json();
+  const events = data.events || data.data || [];
+
+  if (events.length === 0) return;
+
+  // Update timestamp to latest event so we don't re-process
+  const latest = events[events.length - 1];
+  if (latest.created_at) {
+    lastEventTimestamp = latest.created_at;
+  }
+
+  // Filter events that contain API-related code
+  for (const event of events) {
+    const session = extractApiSession(event);
+    if (session) {
+      console.log(`📡 New API session detected from user: ${session.userId}`);
+      for (const cb of sessionCallbacks) {
+        try {
+          await cb(session);
+        } catch (err) {
+          console.error("❌ Session callback error:", err.message);
+        }
+      }
+    }
+  }
+}
+
+/**
+ * Extract relevant session data from a compliance event.
+ * Returns null if the event doesn't contain API-related code.
+ */
+function extractApiSession(event) {
+  try {
+    // Compliance API event structure
+    const userId =
+      event.actor?.id ||
+      event.user_id ||
+      event.actor?.user_id ||
+      null;
+
+    const sessionId = event.id || event.session_id || null;
+    const timestamp = event.created_at || new Date().toISOString();
+
+    // Get message content — structure varies by event type
+    const messages =
+      event.payload?.messages ||
+      event.messages ||
+      event.content?.messages ||
+      [];
+
+    // Look through messages for generated code with API endpoints
+    let generatedCode = null;
+    let userPrompt = null;
+
+    for (const msg of messages) {
+      // Capture the user's original prompt
+      if (msg.role === "user" && typeof msg.content === "string") {
+        userPrompt = msg.content;
+      }
+
+      // Look for assistant response containing API code
+      if (msg.role === "assistant") {
+        const content =
+          typeof msg.content === "string"
+            ? msg.content
+            : Array.isArray(msg.content)
+            ? msg.content.map((b) => b.text || "").join("\n")
+            : "";
+
+        // Detect if this looks like API endpoint code
+        if (containsApiCode(content)) {
+          generatedCode = content;
+        }
+      }
+    }
+
+    // Only return if we found actual API code
+    if (!generatedCode || !userId) return null;
+
+    return {
+      userId,
+      sessionId,
+      generatedCode,
+      prompt: userPrompt || "No prompt captured",
+      timestamp,
+      source: "compliance_api",
+    };
+  } catch (err) {
+    return null;
+  }
+}
+
+/**
+ * Detect if code content contains API endpoint definitions.
+ * Covers Express, Flask, FastAPI, Django, Spring, Go, Rails patterns.
+ */
+function containsApiCode(content) {
+  const apiPatterns = [
+    // JavaScript/Node.js (Express, Fastify, Hapi)
+    /app\.(get|post|put|patch|delete|use)\s*\(\s*['"`]/i,
+    /router\.(get|post|put|patch|delete)\s*\(\s*['"`]/i,
+    /fastify\.(get|post|put|patch|delete)\s*\(\s*['"`]/i,
+
+    // Python (Flask, FastAPI, Django)
+    /@app\.route\s*\(\s*['"`]/i,
+    /@router\.(get|post|put|patch|delete)\s*\(\s*['"`]/i,
+    /path\s*\(\s*['"`][^'"]+['"`]\s*,/i,
+    /@app\.(get|post|put|patch|delete)\s*\(\s*['"`]/i,
+
+    // Go (net/http, gin, echo)
+    /http\.HandleFunc\s*\(\s*['"`]/i,
+    /r\.(GET|POST|PUT|PATCH|DELETE)\s*\(\s*['"`]/i,
+    /e\.(GET|POST|PUT|PATCH|DELETE)\s*\(\s*['"`]/i,
+
+    // Java/Spring
+    /@(Get|Post|Put|Delete|Patch)Mapping\s*\(\s*['"`]/i,
+    /@RequestMapping\s*\(/i,
+
+    // Ruby on Rails
+    /resources\s+:/i,
+    /get\s+['"`][^'"]+['"`]\s*,\s*to:/i,
+
+    // General endpoint patterns
+    /\/api\//i,
+    /endpoint/i,
+  ];
+
+  return apiPatterns.some((pattern) => pattern.test(content));
+}

package/email-sender.js

@@ -52,11 +52,7 @@ export async function verifyEmailService() {
     console.log("✅ Email service verified");
   } catch (err) {
     console.log(""); // newline after the "..."
-    console.error("\n❌ Email verification failed");
-    console.error("   Fix:");
-    console.error("   • Use Gmail App Password (NOT your real password)");
-    console.error("   • Enable 2-Step Verification");
-    console.error("   • Check SMTP_USER and SMTP_PASS\n");
+    console.error("\n❌ Email verification failed — cannot start.");
     console.error(`   Provider : ${config.email.provider}`);
     console.error(`   User     : ${config.email.smtp.user || "(none)"}`);
     console.error(`   Error    : ${err.message}`);