kojee-mcp 0.5.2 → 0.5.4

package/dist/{chunk-YEC7IHIG.js → chunk-62KH6VNQ.js}

@@ -1,3 +1,6 @@
+import {
+  startEventStream
+} from "./chunk-YVUXQ4Z2.js";
 import {
   deriveDiscoveryKey,
   findClaudeAncestorPid
@@ -6,74 +9,26 @@ import {
   buildCatchUpNote,
   buildMonitorSpawn,
   buildReplyRecipe
-} from "./chunk-C6GZ2L2W.js";
+} from "./chunk-X672ZN7V.js";
 import {
-  MCP_SESSION_ID,
-  createDPoPProof,
-  startEventStream
-} from "./chunk-WBMX4CHB.js";
+  GatewayClient,
+  generateES256KeyPair,
+  loadKeystore,
+  saveKeystore
+} from "./chunk-36L3GCU3.js";
 import {
-  secureDir,
-  secureFile
-} from "./chunk-BLEGIR35.js";
+  translateToolCallResult
+} from "./chunk-LDZXU3DW.js";
 
 // src/index.ts
-import fs3 from "fs";
-import os2 from "os";
-import path3 from "path";
+import fs2 from "fs";
+import os from "os";
+import path2 from "path";
 
 // src/auth/auth-module.ts
 import { calculateJwkThumbprint } from "jose";
 import crypto from "crypto";
 
-// src/auth/keystore.ts
-import { importJWK, exportJWK, generateKeyPair } from "jose";
-import fs from "fs";
-import os from "os";
-import path from "path";
-var DEFAULT_PATH = path.join(os.homedir(), ".kojee", "keypair.json");
-async function loadKeystore(keystorePath = DEFAULT_PATH, expectedBrokerUrl) {
-  if (!fs.existsSync(keystorePath)) {
-    return null;
-  }
-  const raw = fs.readFileSync(keystorePath, "utf-8");
-  const data = JSON.parse(raw);
-  if (expectedBrokerUrl && data.broker_url !== expectedBrokerUrl) {
-    return null;
-  }
-  const privateKey = await importJWK(data.private_key_jwk, "ES256");
-  return {
-    privateKey,
-    publicJwk: data.public_jwk,
-    kid: data.kid,
-    data
-  };
-}
-async function saveKeystore(privateKey, publicJwk, kid, brokerUrl, keystorePath = DEFAULT_PATH) {
-  const dir = path.dirname(keystorePath);
-  fs.mkdirSync(dir, { recursive: true, mode: 448 });
-  secureDir(dir);
-  const privateJwk = await exportJWK(privateKey);
-  const data = {
-    private_key_jwk: privateJwk,
-    kid,
-    broker_url: brokerUrl,
-    public_jwk: publicJwk,
-    enrolled_at: (/* @__PURE__ */ new Date()).toISOString()
-  };
-  fs.writeFileSync(keystorePath, JSON.stringify(data, null, 2), {
-    mode: 384
-  });
-  secureFile(keystorePath);
-}
-async function generateES256KeyPair() {
-  const { privateKey, publicKey } = await generateKeyPair("ES256");
-  const publicJwk = await exportJWK(publicKey);
-  publicJwk.kty = "EC";
-  publicJwk.crv = "P-256";
-  return { privateKey, publicJwk };
-}
-
 // src/auth/registration.ts
 async function registerKey(brokerUrl, token, publicJwk) {
   const url = `${brokerUrl}/api/v1/bots/keys/register/`;
@@ -203,317 +158,6 @@ var AuthModule = class {
   }
 };
 
-// src/gateway-client.ts
-import crypto2 from "crypto";
-
-// src/error-translator.ts
-function translateGovernanceResult(result) {
-  const governance = result._meta?.governance;
-  if (!governance) return result;
-  if (governance.decision === "deny") {
-    return formatDenied(governance);
-  }
-  if (governance.decision === "require_approval") {
-    return formatApprovalRequired(governance);
-  }
-  return result;
-}
-function formatApprovalRequired(governance) {
-  const rules = formatRules(governance.triggered_guardrails);
-  const text = `APPROVAL REQUIRED: This action needs user approval before executing. Approval ID: ${governance.approval_id}. Expires: ${governance.expires_at ?? "unknown"}. Triggered rules: ${rules}. The user has been notified. Call kojee_check_approval with this approval_id to check the status.`;
-  return {
-    content: [{ type: "text", text }],
-    isError: true
-  };
-}
-function formatDenied(governance) {
-  const rules = formatRules(governance.triggered_guardrails);
-  const text = `DENIED: This action was blocked by governance policy. Triggered rules: ${rules}. This cannot proceed \u2014 modify your request or ask the user to adjust governance rules.`;
-  return {
-    content: [{ type: "text", text }],
-    isError: true
-  };
-}
-function translateHttpError(status, errorCode, trigger) {
-  if (status === 401) {
-    if (errorCode === "use_dpop_nonce") {
-      return null;
-    }
-    if (errorCode === "invalid_dpop_proof") {
-      return makeError(
-        "Authentication failed. The proxy will attempt to re-enroll. If this persists, regenerate your gateway token."
-      );
-    }
-    if (errorCode === "key_enrollment_required") {
-      return null;
-    }
-    return makeError(
-      "Gateway token is invalid or expired. Generate a new one."
-    );
-  }
-  if (status === 403 && errorCode === "step_up_required") {
-    const reason = trigger ? ` (reason: ${trigger})` : "";
-    return makeError(
-      `Device re-authorization required${reason}. This action can't proceed until the user re-authorizes this device in the Kojee dashboard.`
-    );
-  }
-  if (status === 429) {
-    return makeError(
-      "Rate limit exceeded. Wait before making more requests."
-    );
-  }
-  if (status >= 500) {
-    return makeError(
-      "Kojee gateway encountered an error. Try again."
-    );
-  }
-  return null;
-}
-var TANDEM_ERROR_MESSAGES = {
-  [-32003]: () => "This Tandem is hardened to owner-only membership; you can't join.",
-  [-32004]: () => "You aren't a member of that Tandem. Use tandem_join(join_link) first.",
-  [-32006]: (data) => {
-    const retry = data?.["retry_after_seconds"] ?? "a moment";
-    return `Rate limit hit on this Tandem. Retry after ${retry} seconds.`;
-  },
-  [-32007]: (data) => {
-    const rule = data?.["rule"] ?? "policy";
-    return `Message rejected by Tandem policy (${rule}).`;
-  },
-  [-32011]: (data) => {
-    const id = data?.["tandem_id"] ?? "unknown";
-    return `Tandem ${id} doesn't exist or isn't visible to you.`;
-  },
-  [-32015]: (data) => {
-    const candidates = data?.["candidates"] ?? [];
-    return `An @-mention matched multiple members and is ambiguous. Retry with explicit mentions[]. Candidates: ${candidates.join(", ")}.`;
-  }
-};
-function translateJsonRpcError(error) {
-  const msg = error.message ?? "";
-  const msgLower = msg.toLowerCase();
-  const tandemMessage = TANDEM_ERROR_MESSAGES[error.code];
-  if (tandemMessage) {
-    return {
-      content: [
-        {
-          type: "text",
-          text: tandemMessage(error.data)
-        }
-      ],
-      isError: true
-    };
-  }
-  switch (error.code) {
-    case -32601:
-      return makeError(
-        `Tool not available. It may have been removed or is not connected. Check your connected services in the Kojee dashboard.`
-      );
-    case -32602:
-      return makeError(msg || "Invalid parameters for this tool call.");
-    case -32603: {
-      if (msgLower.includes("multiple accounts connected")) {
-        return makeError(msg);
-      }
-      if (msgLower.includes("not connected")) {
-        return makeError(
-          "The service is not connected. Connect it in the Kojee dashboard."
-        );
-      }
-      if (msgLower.includes("scope") && msgLower.includes("access")) {
-        return makeError(
-          "Token doesn't have access to this tool. Update scopes in the Kojee dashboard."
-        );
-      }
-      if (msgLower.includes("invalid_grant") || msgLower.includes("token refresh failed") || msgLower.includes("re-authorization") || msgLower.includes("reauthorization")) {
-        const serviceMatch = msg.match(
-          /(?:for|connected for)\s+(\w[\w-]*)/i
-        );
-        const service = serviceMatch ? serviceMatch[1] : "service";
-        return makeError(
-          `The ${service} connection needs re-authorization. Ask the user to reconnect it in the Kojee dashboard.`
-        );
-      }
-      return makeError(msg || "An internal error occurred on the gateway.");
-    }
-    case -32600:
-      return makeError(
-        "Unexpected response from gateway. This may be a temporary issue."
-      );
-    case -32e3:
-      return makeError(
-        "Rate limit exceeded. Wait before making more requests."
-      );
-    default:
-      return makeError(msg || "An unknown error occurred.");
-  }
-}
-function translateNetworkError(_error) {
-  return makeError(
-    "Cannot reach Kojee gateway. Check your connection."
-  );
-}
-function translateToolCallResult(result) {
-  if (result._meta?.governance) {
-    return translateGovernanceResult(result);
-  }
-  return result;
-}
-function formatRules(guardrails) {
-  if (!guardrails || guardrails.length === 0) return "unknown";
-  return guardrails.join(", ");
-}
-function makeError(text) {
-  return {
-    content: [{ type: "text", text }],
-    isError: true
-  };
-}
-
-// src/gateway-client.ts
-var GatewayClient = class {
-  constructor(brokerUrl, token, privateKey, kid, sessionId) {
-    this.brokerUrl = brokerUrl;
-    this.token = token;
-    this.privateKey = privateKey;
-    this.kid = kid;
-    this.endpoint = `${brokerUrl}/mcp/messages/${sessionId}/`;
-  }
-  brokerUrl;
-  token;
-  privateKey;
-  kid;
-  currentNonce;
-  requestCounter = 0;
-  endpoint;
-  /**
-   * Expose the DPoP signing key so peer modules sharing auth state
-   * (e.g. tandem/event-stream.ts) can sign their own requests.
-   */
-  getPrivateKey() {
-    return this.privateKey;
-  }
-  /**
-   * Expose the bot_key_id (kid) for DPoP proof headers. Paired with
-   * getPrivateKey() so peer modules can construct proofs without
-   * threading the key material through their own constructors.
-   */
-  getKid() {
-    return this.kid;
-  }
-  /**
-   * Derive a deterministic session ID from the gateway token.
-   * session_id = sha256(token + "proxy").slice(0, 16)
-   */
-  static deriveSessionId(token) {
-    const hash = crypto2.createHash("sha256").update(token + "proxy").digest("hex");
-    return hash.slice(0, 16);
-  }
-  /**
-   * Send a JSON-RPC 2.0 request to the gateway, handling DPoP auth and
-   * nonce retry transparently. A 403 `step_up_required` (deprecated feature,
-   * owner ruling 2026-06-10) is no longer polled — it surfaces immediately as
-   * a structured tool error via translateHttpError.
-   *
-   * `signal` (ROUND-3 MAJOR A) is a REAL AbortSignal threaded into the
-   * underlying `fetch` option — NOT placed inside `params`/`arguments`. A
-   * caller with a per-call timeout budget (e.g. resubscribeMemberships) passes
-   * its controller's signal here so a hung backend aborts at the budget instead
-   * of hanging forever. Putting the signal in `arguments` (the round-2 bug) both
-   * left fetch un-aborted AND serialized a junk `{}` onto the wire body.
-   */
-  async sendRpc(method, params = {}, signal) {
-    const rpcRequest = {
-      jsonrpc: "2.0",
-      id: ++this.requestCounter,
-      method,
-      params
-    };
-    return this.executeWithRetries(rpcRequest, signal);
-  }
-  async executeWithRetries(rpcRequest, signal) {
-    let response;
-    try {
-      response = await this.sendHttpRequest(rpcRequest, signal);
-    } catch (err) {
-      return translateNetworkError(err);
-    }
-    this.trackNonce(response);
-    if (response.status === 401) {
-      const body = await this.tryParseErrorBody(response);
-      if (body?.error === "use_dpop_nonce") {
-        console.error("[gateway] Nonce expired, retrying with fresh nonce...");
-        try {
-          response = await this.sendHttpRequest(rpcRequest, signal);
-        } catch (err) {
-          return translateNetworkError(err);
-        }
-        this.trackNonce(response);
-      } else {
-        const translated = translateHttpError(401, body?.error);
-        if (translated) return translated;
-      }
-    }
-    if (response.status === 403) {
-      const body = await this.tryParseErrorBody(response);
-      const translated = translateHttpError(403, body?.error, body?.trigger);
-      if (translated) return translated;
-    }
-    if (!response.ok) {
-      const body = await this.tryParseErrorBody(response);
-      const translated = translateHttpError(response.status, body?.error);
-      if (translated) return translated;
-      return {
-        content: [{ type: "text", text: `Gateway error: ${response.status}` }],
-        isError: true
-      };
-    }
-    const rpcResponse = await response.json();
-    if (rpcResponse.error) {
-      return translateJsonRpcError(rpcResponse.error);
-    }
-    const result = rpcResponse.result;
-    return result ?? { content: [{ type: "text", text: "No result" }] };
-  }
-  async sendHttpRequest(rpcRequest, signal) {
-    const proof = await createDPoPProof(
-      this.privateKey,
-      this.kid,
-      "POST",
-      this.endpoint,
-      this.currentNonce,
-      this.token
-    );
-    return fetch(this.endpoint, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        Authorization: `DPoP ${this.token}`,
-        DPoP: proof,
-        "Mcp-Session-Id": MCP_SESSION_ID
-      },
-      body: JSON.stringify(rpcRequest),
-      // ROUND-3 MAJOR A: the caller's AbortSignal rides HERE (a real fetch
-      // option), never inside the JSON-RPC body. `undefined` is a valid value
-      // for the fetch `signal` option (no abort wired).
-      ...signal ? { signal } : {}
-    });
-  }
-  trackNonce(response) {
-    const nonce = response.headers.get("DPoP-Nonce");
-    if (nonce) {
-      this.currentNonce = nonce;
-    }
-  }
-  async tryParseErrorBody(response) {
-    try {
-      return await response.json();
-    } catch {
-      return null;
-    }
-  }
-};
-
 // src/tool-registry.ts
 var ToolRegistry = class {
   constructor(gateway) {
@@ -590,15 +234,15 @@ import {
 } from "@modelcontextprotocol/sdk/types.js";
 
 // src/version.ts
-import fs2 from "fs";
-import path2 from "path";
+import fs from "fs";
+import path from "path";
 import { fileURLToPath } from "url";
 var FALLBACK_VERSION = "0.0.0-unknown";
 function resolveVersion() {
   try {
-    const here = path2.dirname(fileURLToPath(import.meta.url));
+    const here = path.dirname(fileURLToPath(import.meta.url));
     const parsed = JSON.parse(
-      fs2.readFileSync(path2.join(here, "..", "package.json"), "utf8")
+      fs.readFileSync(path.join(here, "..", "package.json"), "utf8")
     );
     return typeof parsed?.version === "string" && parsed.version ? parsed.version : FALLBACK_VERSION;
   } catch (err) {
@@ -751,7 +395,7 @@ var unknownAdapter = {
 };
 
 // src/index.ts
-var DEFAULT_KEYSTORE_PATH = path3.join(os2.homedir(), ".kojee", "keypair.json");
+var DEFAULT_KEYSTORE_PATH = path2.join(os.homedir(), ".kojee", "keypair.json");
 function isDPoPEnrollmentError(err) {
   const msg = String(err?.message ?? err ?? "").toLowerCase();
   if (msg.includes("invalid or expired") && msg.includes("token")) return false;
@@ -804,7 +448,7 @@ async function startProxy(config) {
   let server;
   if (adapter.supportsChannels) {
     const { EventQueue } = await import("./event-queue-5YVJFR3E.js");
-    const { startHookServer } = await import("./hook-server-QF5JVUHV.js");
+    const { startHookServer } = await import("./hook-server-NDJSV22J.js");
     const {
       writeDiscoveryByKey,
       cleanupDiscoveryByKey,
@@ -812,8 +456,8 @@ async function startProxy(config) {
     } = await import("./session-discovery-FNMJGFPM.js");
     const { startEventLog, sweepStaleEventLogs } = await import("./event-log-RSTM4PLL.js");
     const { resubscribeMemberships } = await import("./resubscribe-SLZNA76S.js");
-    const { resolveWebhookConfig } = await import("./webhook-config-5TLLX7RA.js");
-    const { createWebhookSink } = await import("./webhook-sink-7OYZBWXA.js");
+    const { resolveWebhookConfig } = await import("./webhook-config-UKUSI2FE.js");
+    const { createWebhookSink } = await import("./webhook-sink-GCLL2S6S.js");
     sweepStaleDiscovery();
     sweepStaleEventLogs();
     const ccPid = await findClaudeAncestorPid();
@@ -826,6 +470,11 @@ async function startProxy(config) {
       void eventLog.appendStatus(`status=webhook error="${webhookResolution.error}"`).catch(() => {
       });
     }
+    if (webhookResolution.warning) {
+      console.error(`[kojee-mcp] webhook sink WARNING: ${webhookResolution.warning}`);
+      void eventLog.appendStatus(`status=webhook warning="${webhookResolution.warning}"`).catch(() => {
+      });
+    }
     const webhookSink = webhookResolution.enabled && webhookResolution.config ? createWebhookSink(webhookResolution.config, {
       // Route delivery/failure observability to the STATUS sink.
       log: (line) => {
@@ -839,12 +488,23 @@ async function startProxy(config) {
       });
     }
     server = createMcpServer(registry, adapter, tandemMembershipCount, eventLog.path);
+    const { issueControlToken, controlTokenPath } = await import("./control-token-TYDAL477.js");
+    let controlToken = null;
+    try {
+      controlToken = issueControlToken();
+    } catch (err) {
+      console.error(
+        "[kojee-mcp] control token write failed \u2014 POST /send disabled:",
+        err.message
+      );
+    }
     const queue = new EventQueue();
     let streamHandle = null;
     const hookServer = await startHookServer({
       port: 0,
       queue,
       adapter,
+      ...controlToken !== null ? { send: { gateway, authToken: controlToken } } : {},
       getStreamState: () => streamHandle ? streamHandle.getState() : {
         connected: false,
         connectedSince: null,
@@ -869,6 +529,9 @@ async function startProxy(config) {
       startedAt: (/* @__PURE__ */ new Date()).toISOString(),
       brokerUrl: config.url,
       eventLogPath: eventLog.path,
+      // Advertise where the POST /send bearer lives so local consumers
+      // (native gateway plugins) can find it without guessing ~/.kojee.
+      ...controlToken !== null ? { controlTokenPath: controlTokenPath() } : {},
       // Stamp the auth mode so `kojee-mcp doctor` renders the pairing check
       // honestly: a token-mode box has no ~/.kojee/config.json by design and
       // must not hard-fail on "paired config: MISSING". Defaults to "paired"
@@ -934,8 +597,8 @@ async function startProxy(config) {
     });
   } else if (needsWebhookEventStream()) {
     const { startEventLog, sweepStaleEventLogs } = await import("./event-log-RSTM4PLL.js");
-    const { resolveWebhookConfig } = await import("./webhook-config-5TLLX7RA.js");
-    const { createWebhookSink } = await import("./webhook-sink-7OYZBWXA.js");
+    const { resolveWebhookConfig } = await import("./webhook-config-UKUSI2FE.js");
+    const { createWebhookSink } = await import("./webhook-sink-GCLL2S6S.js");
     const { resubscribeMemberships } = await import("./resubscribe-SLZNA76S.js");
     sweepStaleEventLogs();
     const ccPid = await findClaudeAncestorPid();
@@ -948,6 +611,11 @@ async function startProxy(config) {
       void eventLog.appendStatus(`status=webhook error="${webhookResolution.error}"`).catch(() => {
       });
     }
+    if (webhookResolution.warning) {
+      console.error(`[kojee-mcp] webhook sink WARNING: ${webhookResolution.warning}`);
+      void eventLog.appendStatus(`status=webhook warning="${webhookResolution.warning}"`).catch(() => {
+      });
+    }
     const webhookSink = webhookResolution.enabled && webhookResolution.config ? createWebhookSink(webhookResolution.config, {
       log: (line) => {
         void eventLog.appendStatus(`status=webhook ${line}`).catch(() => {
@@ -1021,7 +689,7 @@ async function enrollAndDiscover(config, keystorePath, isRetry = false) {
       "[kojee-mcp] Auth failed, attempting recovery with fresh enrollment..."
     );
     try {
-      if (fs3.existsSync(keystorePath)) fs3.unlinkSync(keystorePath);
+      if (fs2.existsSync(keystorePath)) fs2.unlinkSync(keystorePath);
     } catch (unlinkErr) {
       console.error("[kojee-mcp] Could not remove stale keystore:", unlinkErr);
     }

package/dist/{chunk-ZW4SW7LJ.js → chunk-64EOLZNI.js}

@@ -24,7 +24,9 @@ function buildCodexMcpServerTable(opts) {
     "[mcp_servers.kojee.env]",
     'KOJEE_RUNTIME = "codex"',
     `KOJEE_WEBHOOK_URL = "${escapeTomlString(opts.webhookUrl)}"`,
-    `KOJEE_WEBHOOK_SECRET = "${escapeTomlString(opts.webhookSecret)}"`
+    `KOJEE_WEBHOOK_SECRET = "${escapeTomlString(opts.webhookSecret)}"`,
+    // Signature emission overrides (0.5.3) — emitted only when configured.
+    ...(opts.signatureEnv ?? []).map(([k, v]) => `${k} = "${escapeTomlString(v)}"`)
   ].join("\n");
 }
 function buildCodexStopHookBlock() {
@@ -48,7 +50,7 @@ function writeCodexConfig(inputs) {
     toml = fs.readFileSync(configPath, "utf8");
   } catch {
   }
-  toml = upsertKojeeTomlTables(toml, inputs.webhookUrl, inputs.webhookSecret);
+  toml = upsertKojeeTomlTables(toml, inputs.webhookUrl, inputs.webhookSecret, inputs.signatureEnv ?? []);
   writeFile600(configPath, toml);
   const hooks = readJson(hooksPath);
   hooks.hooks ??= {};
@@ -93,10 +95,14 @@ function removeCodexConfig(opts = {}) {
   }
   return result;
 }
-function upsertKojeeTomlTables(existing, webhookUrl, webhookSecret) {
+function upsertKojeeTomlTables(existing, webhookUrl, webhookSecret, signatureEnv = []) {
   const parsed = extractKojeeBlock(existing);
   if (!parsed) {
-    const block = buildCodexMcpServerTable({ webhookUrl, webhookSecret });
+    const block = buildCodexMcpServerTable({
+      webhookUrl,
+      webhookSecret,
+      ...signatureEnv.length > 0 ? { signatureEnv } : {}
+    });
     const base2 = existing.replace(/\s*$/, "");
     return base2.length === 0 ? block + "\n" : base2 + "\n\n" + block + "\n";
   }
@@ -107,7 +113,10 @@ function upsertKojeeTomlTables(existing, webhookUrl, webhookSecret) {
   const envKeys = upsertKeyLines(parsed.envKeys, [
     ["KOJEE_RUNTIME", '"codex"'],
     ["KOJEE_WEBHOOK_URL", `"${escapeTomlString(webhookUrl)}"`],
-    ["KOJEE_WEBHOOK_SECRET", `"${escapeTomlString(webhookSecret)}"`]
+    ["KOJEE_WEBHOOK_SECRET", `"${escapeTomlString(webhookSecret)}"`],
+    // Signature emission overrides (0.5.3) — owned only when configured this
+    // run; an operator's existing signature lines are otherwise preserved.
+    ...signatureEnv.map(([k, v]) => [k, `"${escapeTomlString(v)}"`])
   ]);
   const merged = [
     KOJEE_TABLE_HEADER,