kojee-mcp 0.5.3 → 0.5.6

package/dist/{doctor-TSHOMT5X.js → doctor-QCQDFLEH.js}

@@ -1,18 +1,21 @@
 import {
-  loadPairedConfig
-} from "./chunk-YH27B6SW.js";
+  monitorHeartbeatPath,
+  statusLogPath
+} from "./chunk-2TUAFAIW.js";
 import {
-  deriveDiscoveryKey,
-  findClaudeAncestorPid
-} from "./chunk-BJMASMKX.js";
+  loadControlToken
+} from "./chunk-GI2CKKBL.js";
 import {
   buildMonitorSpawn,
   buildReplyRecipe
-} from "./chunk-C6GZ2L2W.js";
+} from "./chunk-X672ZN7V.js";
 import {
-  monitorHeartbeatPath,
-  statusLogPath
-} from "./chunk-2TUAFAIW.js";
+  deriveDiscoveryKey,
+  findClaudeAncestorPid
+} from "./chunk-BJMASMKX.js";
+import {
+  loadPairedConfig
+} from "./chunk-YH27B6SW.js";
 import {
   discoveryPathForKey,
   readSessionDiscoveryByKey
@@ -111,8 +114,17 @@ async function collectDoctorReport(deps = {}) {
       ok: health !== null,
       detail: health !== null ? "ok" : "unreachable"
     });
-    const statusProbe = await probeJsonWithStatus(fetchFn, `${base}/status`);
-    if (statusProbe.json === null && statusProbe.routeAbsent) {
+    const readControlToken = deps.readControlToken ?? loadControlToken;
+    const controlToken = readControlToken(discovery.controlTokenPath);
+    const statusHeaders = controlToken ? { Authorization: `Bearer ${controlToken}` } : {};
+    const statusProbe = await probeJsonWithStatus(fetchFn, `${base}/status`, statusHeaders);
+    if (statusProbe.json === null && statusProbe.unauthorized) {
+      checks.push({
+        name: "hook-server /status",
+        ok: "warn",
+        detail: `401 unauthorized \u2014 /status is gated by the control token (0.5.4); could not present a valid bearer from ${discovery.controlTokenPath ?? "~/.kojee/control-token"} (daemon restarted? re-run doctor; file unreadable? check perms)`
+      });
+    } else if (statusProbe.json === null && statusProbe.routeAbsent) {
       checks.push({
         name: "hook-server /status",
         ok: "unknown",
@@ -187,14 +199,15 @@ async function probeJson(fetchFn, url) {
     return null;
   }
 }
-async function probeJsonWithStatus(fetchFn, url) {
+async function probeJsonWithStatus(fetchFn, url, headers = {}) {
   try {
-    const res = await fetchFn(url);
-    if (res.ok) return { json: await res.json(), routeAbsent: false };
+    const res = await fetchFn(url, { headers });
+    if (res.ok) return { json: await res.json(), routeAbsent: false, unauthorized: false };
     const routeAbsent = res.status === 404 || res.status === 405;
-    return { json: null, routeAbsent };
+    const unauthorized = res.status === 401;
+    return { json: null, routeAbsent, unauthorized };
   } catch {
-    return { json: null, routeAbsent: false };
+    return { json: null, routeAbsent: false, unauthorized: false };
   }
 }
 function formatDoctorReport(report) {
@@ -220,7 +233,7 @@ function formatDoctorReport(report) {
 async function runDoctor() {
   const { readRecordedRuntime } = await import("./runtime-record-WO4IECM6.js");
   if (readRecordedRuntime() === "codex") {
-    const { collectCodexDoctorReport, formatCodexDoctorReport } = await import("./doctor-codex-BMI5JOO6.js");
+    const { collectCodexDoctorReport, formatCodexDoctorReport } = await import("./doctor-codex-NZ53ROQA.js");
     const report2 = collectCodexDoctorReport();
     console.error(formatCodexDoctorReport(report2));
     return report2.verdict === "broken" ? 1 : 0;

package/dist/{doctor-codex-BMI5JOO6.js → doctor-codex-NZ53ROQA.js}

@@ -1,15 +1,15 @@
 import {
   defaultCodexConfigPath,
   defaultCodexHooksPath
-} from "./chunk-ZW4SW7LJ.js";
+} from "./chunk-64EOLZNI.js";
 import "./chunk-SQL56SEB.js";
+import {
+  resolveWebhookConfig
+} from "./chunk-V5VZPYMZ.js";
 import {
   CODEX_LISTEN_CAP_MS
-} from "./chunk-C6GZ2L2W.js";
+} from "./chunk-X672ZN7V.js";
 import "./chunk-BLEGIR35.js";
-import {
-  resolveWebhookConfig
-} from "./chunk-F7L25L2J.js";
 
 // src/doctor-codex.ts
 import fs from "fs";
@@ -84,6 +84,13 @@ function collectCodexDoctorReport(deps = {}) {
       ok: true,
       detail: `enabled \u2014 ${resolution.config.redactedSummary}`
     });
+    if (resolution.warning) {
+      checks.push({
+        name: "webhook signature config",
+        ok: "warn",
+        detail: `${resolution.warning} \u2014 ${WIZARD_RERUN} with valid signature flags`
+      });
+    }
   } else if (resolution.error) {
     checks.push({
       name: "webhook sink",

package/dist/ensure-join-7AEDJMPE.js

@@ -0,0 +1,96 @@
+// src/tandem/ensure-join.ts
+var OBJECT_ID_RE = /^[0-9a-f]{24}$/i;
+var DEFAULT_PER_CALL_TIMEOUT_MS = 1e4;
+function parseTandemsConfig(raw) {
+  const trimmed = (raw ?? "").trim();
+  if (trimmed.length === 0) return { mode: "auto", ids: [], invalid: [] };
+  if (trimmed.toLowerCase() === "none") return { mode: "disabled", ids: [], invalid: [] };
+  const ids = [];
+  const invalid = [];
+  for (const entry of trimmed.split(/[\s,]+/)) {
+    if (entry.length === 0) continue;
+    (OBJECT_ID_RE.test(entry) ? ids : invalid).push(entry);
+  }
+  return { mode: "explicit", ids, invalid };
+}
+async function ensureJoinTandems(opts) {
+  const log = opts.log ?? ((line) => console.error(line));
+  const perCallTimeoutMs = opts.perCallTimeoutMs ?? DEFAULT_PER_CALL_TIMEOUT_MS;
+  const config = parseTandemsConfig(opts.env);
+  const result = { mode: config.mode, joined: [], already: [], failed: [] };
+  if (config.mode === "disabled") {
+    log("[ensure-join] disabled (KOJEE_TANDEMS=none)");
+    return result;
+  }
+  for (const bad of config.invalid) {
+    log(`[ensure-join] skipping invalid tandem id "${bad}" (not a 24-hex ObjectId)`);
+  }
+  let ids;
+  if (config.mode === "explicit") {
+    ids = config.ids;
+    log(`[ensure-join] mode=explicit n=${ids.length} (KOJEE_TANDEMS)`);
+  } else {
+    let listed = null;
+    try {
+      listed = opts.listTandems ? await opts.listTandems() : null;
+    } catch (err) {
+      log(`[ensure-join] tandem_list threw: ${err.message}`);
+      listed = null;
+    }
+    if (listed === null) {
+      log(
+        "[ensure-join] tandem_list failed \u2014 cannot auto re-seat this session (set KOJEE_TANDEMS=<ids> to pin, or KOJEE_TANDEMS=none to silence)"
+      );
+      return result;
+    }
+    ids = listed;
+    log(`[ensure-join] mode=auto n=${ids.length} (KOJEE_TANDEMS unset \u2014 re-seating where this agent already holds a seat)`);
+  }
+  for (const id of ids) {
+    const outcome = await joinOne(opts.gateway, id, perCallTimeoutMs);
+    if (outcome.kind === "failed") {
+      result.failed.push(id);
+      log(`[ensure-join] ${id}: FAILED \u2014 ${outcome.detail} (continuing)`);
+      continue;
+    }
+    if (outcome.kind === "already") {
+      result.already.push(id);
+      log(`[ensure-join] ${id}: already seated`);
+    } else {
+      result.joined.push(id);
+      log(`[ensure-join] ${id}: joined fresh`);
+    }
+    try {
+      opts.onJoined?.(id);
+    } catch {
+    }
+  }
+  return result;
+}
+async function joinOne(gateway, tandemId, perCallTimeoutMs) {
+  const ac = new AbortController();
+  const timer = setTimeout(() => ac.abort(), perCallTimeoutMs);
+  try {
+    const result = await gateway.sendRpc(
+      "tools/call",
+      { name: "tandem_join", arguments: { tandem_id: tandemId } },
+      ac.signal
+    );
+    const text = (result.content ?? []).map((c) => typeof c?.text === "string" ? c.text : "").filter(Boolean).join("\n");
+    if (result.isError) {
+      return { kind: "failed", detail: text || "tandem_join returned an error with no text" };
+    }
+    if (/already[\s_-]?(a[\s_-]?)?(member|seated|joined)/i.test(text)) {
+      return { kind: "already" };
+    }
+    return { kind: "joined" };
+  } catch (err) {
+    return { kind: "failed", detail: err?.message ?? String(err) };
+  } finally {
+    clearTimeout(timer);
+  }
+}
+export {
+  ensureJoinTandems,
+  parseTandemsConfig
+};

package/dist/gateway-client-93P1E0CZ.d.ts

@@ -0,0 +1,92 @@
+import { KeyLike, JWK } from 'jose';
+
+interface ProxyConfig {
+    token: string;
+    url: string;
+    keystorePath: string;
+    /**
+     * How credentials were resolved at launch: "token" when `--token` was passed
+     * on the CLI, "paired" when read from ~/.kojee/config.json. The proxy records
+     * this in its session-discovery file so `kojee-mcp doctor` can render the
+     * pairing check honestly on a token-mode box (no config.json by design).
+     * Defaults to "paired" when unset (back-compat with callers predating the
+     * field).
+     */
+    authMode?: "token" | "paired";
+}
+interface KeystoreData {
+    private_key_jwk: JWK;
+    kid: string;
+    broker_url: string;
+    public_jwk: JWK;
+    enrolled_at: string;
+}
+interface LoadedKeyPair {
+    privateKey: KeyLike;
+    publicJwk: JWK;
+    kid: string;
+}
+interface GovernanceMeta {
+    decision: "require_approval" | "deny" | "allow";
+    approval_id?: string;
+    expires_at?: string;
+    triggered_guardrails?: string[];
+}
+interface ToolCallContent {
+    type: string;
+    text: string;
+}
+interface ToolCallResult {
+    content: ToolCallContent[];
+    isError?: boolean;
+    _meta?: {
+        governance?: GovernanceMeta;
+    };
+}
+
+declare class GatewayClient {
+    private readonly brokerUrl;
+    private readonly token;
+    private readonly privateKey;
+    private readonly kid;
+    private currentNonce;
+    private requestCounter;
+    private readonly endpoint;
+    constructor(brokerUrl: string, token: string, privateKey: KeyLike, kid: string, sessionId: string);
+    /**
+     * Expose the DPoP signing key so peer modules sharing auth state
+     * (e.g. tandem/event-stream.ts) can sign their own requests.
+     */
+    getPrivateKey(): KeyLike;
+    /**
+     * Expose the bot_key_id (kid) for DPoP proof headers. Paired with
+     * getPrivateKey() so peer modules can construct proofs without
+     * threading the key material through their own constructors.
+     */
+    getKid(): string;
+    /**
+     * Derive a deterministic session ID from the gateway token.
+     * session_id = sha256(token + "proxy").slice(0, 16)
+     */
+    static deriveSessionId(token: string): string;
+    /**
+     * Send a JSON-RPC 2.0 request to the gateway, handling DPoP auth and
+     * nonce retry transparently. A 403 `step_up_required` (deprecated feature,
+     * owner ruling 2026-06-10) is no longer polled — it surfaces immediately as
+     * a structured tool error via translateHttpError.
+     *
+     * `signal` (ROUND-3 MAJOR A) is a REAL AbortSignal threaded into the
+     * underlying `fetch` option — NOT placed inside `params`/`arguments`. A
+     * caller with a per-call timeout budget (e.g. resubscribeMemberships) passes
+     * its controller's signal here so a hung backend aborts at the budget instead
+     * of hanging forever. Putting the signal in `arguments` (the round-2 bug) both
+     * left fetch un-aborted AND serialized a junk `{}` onto the wire body.
+     */
+    sendRpc(method: string, params?: Record<string, unknown>, signal?: AbortSignal): Promise<ToolCallResult>;
+    private executeWithRetries;
+    private sendHttpRequest;
+    private trackNonce;
+    private tryParseErrorBody;
+}
+
+export { GatewayClient as G, type KeystoreData as K, type LoadedKeyPair as L, type ProxyConfig as P, type ToolCallResult as T };

package/dist/{hook-server-QF5JVUHV.js → hook-server-37E2LUKJ.js}

@@ -1,4 +1,13 @@
+import {
+  executeSend,
+  httpStatusForEnvelope,
+  parseSendRequest,
+  sendFailure
+} from "./chunk-HIZ4NDWN.js";
+import "./chunk-LDZXU3DW.js";
+
 // src/tandem/hook-server.ts
+import crypto from "crypto";
 import { createServer } from "http";
 async function startHookServer(opts) {
   const server = createServer((req, res) => {
@@ -24,6 +33,12 @@ async function handleRequest(req, res, opts) {
   if (req.method === "GET" && url.pathname === "/health") {
     return json(res, 200, { ok: true });
   }
+  if (req.method === "GET" && (url.pathname === "/status" || url.pathname === "/poll") && opts.controlToken !== void 0 && !bearerMatches(req.headers.authorization, opts.controlToken)) {
+    return json(res, 401, {
+      error: "unauthorized",
+      detail: "GET /poll and /status are gated by the control token (0.5.4) \u2014 read the file named by the discovery file's controlTokenPath and send it as `Authorization: Bearer <token>`"
+    });
+  }
   if (req.method === "GET" && url.pathname === "/status") {
     return respondWithStatus(res, opts);
   }
@@ -38,8 +53,84 @@ async function handleRequest(req, res, opts) {
     }
     return json(res, 400, { error: "unknown type", detail: "type must be 'stop' or 'user-prompt-submit'" });
   }
+  if (req.method === "POST" && url.pathname === "/send") {
+    return handleSend(req, res, opts);
+  }
   return json(res, 404, { error: "not_found", detail: `${req.method} ${url.pathname}` });
 }
+var MAX_SEND_BODY_BYTES = 256 * 1024;
+async function handleSend(req, res, opts) {
+  if (!opts.send) {
+    return respondEnvelope(
+      res,
+      sendFailure(
+        "send_unavailable",
+        "this daemon started without a send surface (no gateway/control token wired)"
+      )
+    );
+  }
+  if (!bearerMatches(req.headers.authorization, opts.send.authToken)) {
+    return respondEnvelope(
+      res,
+      sendFailure(
+        "unauthorized",
+        "missing or invalid bearer \u2014 read the control token from the file named by the discovery file's controlTokenPath and send it as `Authorization: Bearer <token>`"
+      )
+    );
+  }
+  let raw;
+  try {
+    raw = await readBody(req, MAX_SEND_BODY_BYTES);
+  } catch (err) {
+    return respondEnvelope(
+      res,
+      sendFailure("bad_request", err.message)
+    );
+  }
+  let input;
+  try {
+    input = JSON.parse(raw);
+  } catch {
+    return respondEnvelope(
+      res,
+      sendFailure("bad_request", "request body must be valid JSON")
+    );
+  }
+  const parsed = parseSendRequest(input);
+  if (!parsed.ok) {
+    return respondEnvelope(res, parsed);
+  }
+  const envelope = await executeSend(opts.send.gateway, parsed.request);
+  respondEnvelope(res, envelope);
+}
+function respondEnvelope(res, envelope) {
+  json(res, httpStatusForEnvelope(envelope), envelope);
+}
+function bearerMatches(header, expected) {
+  if (!header || !header.startsWith("Bearer ")) return false;
+  const presented = header.slice("Bearer ".length).trim();
+  if (presented.length === 0) return false;
+  const a = crypto.createHash("sha256").update(presented).digest();
+  const b = crypto.createHash("sha256").update(expected).digest();
+  return crypto.timingSafeEqual(a, b);
+}
+function readBody(req, maxBytes) {
+  return new Promise((resolve, reject) => {
+    const chunks = [];
+    let total = 0;
+    req.on("data", (chunk) => {
+      total += chunk.length;
+      if (total > maxBytes) {
+        reject(new Error(`request body exceeds ${maxBytes} bytes`));
+        req.destroy();
+        return;
+      }
+      chunks.push(chunk);
+    });
+    req.on("end", () => resolve(Buffer.concat(chunks).toString("utf8")));
+    req.on("error", reject);
+  });
+}
 function respondWithEvents(res, opts) {
   const entries = opts.queue.takeForHook();
   const events = entries.map((entry) => opts.adapter.formatTandemEvent(entry.event));

package/dist/index.d.ts

@@ -1,18 +1,21 @@
-interface ProxyConfig {
-    token: string;
-    url: string;
-    keystorePath: string;
-    /**
-     * How credentials were resolved at launch: "token" when `--token` was passed
-     * on the CLI, "paired" when read from ~/.kojee/config.json. The proxy records
-     * this in its session-discovery file so `kojee-mcp doctor` can render the
-     * pairing check honestly on a token-mode box (no config.json by design).
-     * Defaults to "paired" when unset (back-compat with callers predating the
-     * field).
-     */
-    authMode?: "token" | "paired";
-}
+import { G as GatewayClient, P as ProxyConfig } from './gateway-client-93P1E0CZ.js';
+import 'jose';
 
+/**
+ * List the tandem_ids where THIS AGENT holds an active seat, via a
+ * `tandem_list` tool call. The backend's tandem_list is PRINCIPAL-scoped:
+ * rows include rooms where only SIBLING agents of the principal sit
+ * (`my_membership: {is_member:false, principal_is_member:true}`). This is
+ * the auto ensure-join feed, so object rows are filtered to
+ * `my_membership.is_member === true` — FAIL CLOSED: a row missing the flag
+ * is excluded, because joining a room the agent was never in is the harm
+ * (live-reproduced 2026-06-10: 5 rows listed, only 2 agent seats).
+ * Returns the id array, or null when the list could not be determined (tool
+ * error or unparseable result) — null is the "unknown" signal callers map to a
+ * -1 membership count. MINOR 6: called fresh on every reconnect so the touch
+ * set tracks mid-session joins (not boot-frozen).
+ */
+declare function listTandemIds(gateway: GatewayClient): Promise<string[] | null>;
 declare function startProxy(config: ProxyConfig): Promise<void>;
 
-export { type ProxyConfig, startProxy };
+export { ProxyConfig, listTandemIds, startProxy };

package/dist/index.js

@@ -1,10 +1,16 @@
 import {
+  listTandemIds,
   startProxy
-} from "./chunk-YEC7IHIG.js";
+} from "./chunk-2BDAM3TH.js";
+import "./chunk-X672ZN7V.js";
 import "./chunk-BJMASMKX.js";
-import "./chunk-C6GZ2L2W.js";
-import "./chunk-WBMX4CHB.js";
+import "./chunk-6SK6ITFE.js";
+import "./chunk-3XDJOHMZ.js";
+import "./chunk-UEGQGXPY.js";
+import "./chunk-2MIISF2W.js";
+import "./chunk-LDZXU3DW.js";
 import "./chunk-BLEGIR35.js";
 export {
+  listTandemIds,
   startProxy
 };