kojee-mcp 0.5.7 → 0.5.9

package/dist/{wizard-UOXQYJLP.js → wizard-PLGHYCT3.js}

@@ -1,3 +1,9 @@
+import {
+  buildCodexMcpServerTable,
+  buildCodexStopHookBlock,
+  removeCodexConfig,
+  writeCodexConfig
+} from "./chunk-65KRRDHP.js";
 import {
   WIZARD_RUNTIMES,
   isWizardRuntime
@@ -7,12 +13,6 @@ import {
   readRecordedRuntime,
   recordRuntime
 } from "./chunk-EW72ZNQL.js";
-import {
-  buildCodexMcpServerTable,
-  buildCodexStopHookBlock,
-  removeCodexConfig,
-  writeCodexConfig
-} from "./chunk-64EOLZNI.js";
 import {
   kojeeHomeDir
 } from "./chunk-SQL56SEB.js";
@@ -32,6 +32,7 @@ import {
 import crypto from "crypto";
 import fs from "fs";
 import path from "path";
+var DEFAULT_BROKER_URL = "https://rosie-staging.kojee.net";
 function generateWebhookSecret() {
   return crypto.randomBytes(32).toString("hex");
 }
@@ -115,6 +116,49 @@ function writeRuntimeEnvFile(runtime, url, secret, signatureEnv = []) {
   return envPath;
 }
 var CODEX_UNVERIFIED_NOTE = "NOTE: live Codex verification (hook fires, MCP server connects, bounded listen works) has not been run on this build \u2014 confirm in a real Codex session. This is the owner morning step.";
+function runtimeUsesWebhook(runtime) {
+  return runtime === "codex" || runtime === "hermes" || runtime === "openclaw";
+}
+async function gatherGuidedInputs(runtime, opts) {
+  const preamble = [];
+  const next = { ...opts };
+  if (opts.promptUrl) {
+    const answered = (await opts.promptUrl(opts.url ?? DEFAULT_BROKER_URL)).trim();
+    next.url = (answered.length > 0 ? answered : opts.url ?? DEFAULT_BROKER_URL).replace(/\/+$/, "");
+  }
+  const brokerUrl = (next.url ?? DEFAULT_BROKER_URL).replace(/\/+$/, "");
+  if (opts.promptAuth) {
+    const mode = await opts.promptAuth();
+    if (mode === "token") {
+      const token = opts.promptToken ? (await opts.promptToken()).trim() : "";
+      if (!token) return { error: "No token entered. Re-run `kojee-mcp init` and paste a token, or choose pair mode." };
+      next.token = token;
+      next.url = brokerUrl;
+      preamble.push("Auth: token mode \u2014 the written MCP config will launch the proxy with --token/--url");
+      preamble.push("      (it enrolls its own per-token keystore on first boot).");
+    } else {
+      const code = opts.promptPairCode ? (await opts.promptPairCode()).trim() : "";
+      if (!code) return { error: "No pair code entered. Re-run `kojee-mcp init` and enter a pair code, or choose token mode." };
+      const pair = opts.runPair ?? (async (a) => {
+        const { runPair } = await import("./pair-P4ILCMT7.js");
+        const { pairedConfigPath } = await import("./paired-config-JTFLHMZ2.js");
+        const { defaultPairedKeystorePath } = await import("./keystore-XLEV3FL5.js");
+        return runPair({ code: a.code, url: a.url, keystorePath: defaultPairedKeystorePath(), configPath: pairedConfigPath() });
+      });
+      try {
+        const { message } = await pair({ code, url: brokerUrl });
+        preamble.push(`Auth: pair mode \u2014 ${message}`);
+      } catch (err) {
+        return { error: `Pairing failed: ${err.message}` };
+      }
+    }
+  }
+  if (runtimeUsesWebhook(runtime) && opts.promptWebhookUrl && opts.webhookUrl === void 0) {
+    const wh = (await opts.promptWebhookUrl()).trim();
+    if (wh.length > 0) next.webhookUrl = wh;
+  }
+  return { opts: next, preamble };
+}
 async function runWizard(opts) {
   const resolved = await resolveRuntime(opts);
   if ("error" in resolved) {
@@ -124,15 +168,44 @@ async function runWizard(opts) {
   if (opts.uninstall) {
     return runWizardUninstall(runtime, opts);
   }
-  if (runtime === "claude-code") return configureClaudeCode(opts);
-  if (runtime === "codex") return configureCodex(opts);
-  return configureWebhookDaemon(runtime, opts);
+  let effective = opts;
+  let preamble = [];
+  if (opts.interactive && (opts.promptUrl || opts.promptAuth || opts.promptWebhookUrl)) {
+    const gathered = await gatherGuidedInputs(runtime, opts);
+    if ("error" in gathered) {
+      return { runtime, output: gathered.error, exitCode: 2 };
+    }
+    effective = gathered.opts;
+    preamble = gathered.preamble;
+  }
+  const result = runtime === "claude-code" ? await configureClaudeCode(effective) : runtime === "codex" ? configureCodex(effective) : configureWebhookDaemon(runtime, effective);
+  if (preamble.length > 0 && result.exitCode === 0) {
+    return {
+      ...result,
+      output: [...preamble, "", result.output, "", whatHappensNext(runtime, effective)].join("\n")
+    };
+  }
+  return result;
+}
+function whatHappensNext(runtime, opts) {
+  const lines = ["What happens next:"];
+  lines.push("  - Restart your runtime so it picks up the new kojee config.");
+  if (opts.token) {
+    lines.push("  - First boot enrolls this token's own keystore (~/.kojee/keypair-<hash>.json).");
+  } else {
+    lines.push("  - The proxy uses your paired credentials (~/.kojee/config.json + keypair.json).");
+  }
+  lines.push("  - Verify with: kojee-mcp doctor");
+  return lines.join("\n");
 }
 async function configureClaudeCode(opts) {
-  const { runInit } = await import("./install-WBIUVBZW.js");
+  const { runInit } = await import("./install-LJY2CHKG.js");
   const report = runInit({
     ...opts.configPath ? { configPath: opts.configPath } : {},
-    ...opts.hooksPath ? { hooksPath: opts.hooksPath } : {}
+    ...opts.hooksPath ? { hooksPath: opts.hooksPath } : {},
+    // Token mode threads --token/--url into the written args (per-token
+    // keystore). Paired mode leaves both unset ⇒ args stay `["kojee-mcp"]`.
+    ...opts.token && opts.url ? { token: opts.token, url: opts.url } : {}
   });
   recordRuntime("claude-code");
   return { runtime: "claude-code", output: formatClaudeInit(report), exitCode: 0 };
@@ -180,12 +253,14 @@ function configureCodex(opts) {
   }
   const url = wh.url || "https://YOUR-CODEX-WEBHOOK-RECEIVER.local/kojee";
   const secret = wh.secret || generateWebhookSecret();
+  const tokenArgs = opts.token && opts.url ? { token: opts.token, url: opts.url } : {};
   writeCodexConfig({
     ...opts.configPath ? { configPath: opts.configPath } : {},
     ...opts.hooksPath ? { hooksPath: opts.hooksPath } : {},
     webhookUrl: url,
     webhookSecret: secret,
-    ...wh.signatureEnv.length > 0 ? { signatureEnv: wh.signatureEnv } : {}
+    ...wh.signatureEnv.length > 0 ? { signatureEnv: wh.signatureEnv } : {},
+    ...tokenArgs
   });
   recordRuntime("codex");
   const lines = [];
@@ -196,7 +271,11 @@ function configureCodex(opts) {
   lines.push(indent(buildCodexMcpServerTable({
     webhookUrl: url,
     webhookSecret: "<redacted>",
-    ...wh.signatureEnv.length > 0 ? { signatureEnv: wh.signatureEnv } : {}
+    ...wh.signatureEnv.length > 0 ? { signatureEnv: wh.signatureEnv } : {},
+    // Redact the gateway token in the human-readable printed copy (it ends up
+    // in result.output → cli.ts console.error). The WRITTEN config above keeps
+    // the real token; only this printed report is redacted, like webhookSecret.
+    ...tokenArgs.token ? { token: "<redacted>", url: tokenArgs.url } : {}
   })));
   if (wh.warning) lines.push(`webhook WARNING: ${wh.warning}`);
   lines.push("");
@@ -254,7 +333,7 @@ async function runWizardUninstall(runtime, opts) {
   const effective = opts.runtime !== void 0 ? runtime : readRecordedRuntime() ?? runtime;
   const lines = [`Uninstalling runtime: ${effective}`];
   if (effective === "claude-code") {
-    const { runUninstall } = await import("./install-WBIUVBZW.js");
+    const { runUninstall } = await import("./install-LJY2CHKG.js");
     const report = runUninstall({
       ...opts.configPath ? { configPath: opts.configPath } : {},
       ...opts.hooksPath ? { hooksPath: opts.hooksPath } : {}
@@ -295,6 +374,7 @@ function indent(s) {
 }
 export {
   CODEX_UNVERIFIED_NOTE,
+  DEFAULT_BROKER_URL,
   generateWebhookSecret,
   resolveRuntime,
   resolveWizardWebhook,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "kojee-mcp",
-  "version": "0.5.7",
+  "version": "0.5.9",
   "type": "module",
   "main": "dist/index.js",
   "exports": {