loaditout-mcp-server 0.1.0 → 0.2.0

package/dist/index.js

@@ -101,7 +101,7 @@ function fetchJSON(url, extraHeaders) {
             .on("error", reject);
     });
 }
-function postJSON(url, body) {
+function postJSON(url, body, extraHeaders) {
     return new Promise((resolve, reject) => {
         const payload = JSON.stringify(body);
         const parsed = new URL(url);
@@ -114,6 +114,7 @@ function postJSON(url, body) {
                 "Content-Type": "application/json",
                 "Content-Length": Buffer.byteLength(payload),
                 "User-Agent": `loaditout-mcp/${SERVER_VERSION}`,
+                ...extraHeaders,
             },
         };
         const req = https.request(options, (res) => {
@@ -297,6 +298,28 @@ const TOOLS = [
             required: ["slug", "status"],
         },
     },
+    {
+        name: "list_my_proofs",
+        description: "List all execution proofs for this agent. Shows your verified skill usage history -- your agent resume.",
+        inputSchema: {
+            type: "object",
+            properties: {},
+        },
+    },
+    {
+        name: "verify_proof",
+        description: "Verify an execution proof by its proof ID. Confirms whether a proof is valid and which skill it covers.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                proof_id: {
+                    type: "string",
+                    description: "The proof ID to verify. Example: 'lp_a1b2c3d4e5f6g7h8'",
+                },
+            },
+            required: ["proof_id"],
+        },
+    },
     {
         name: "save_memory",
         description: "Save a key-value pair to persistent agent memory. Survives across sessions. Use this to remember installed skills, preferences, search context, or any data you want to recall later.",
@@ -412,9 +435,139 @@ const TOOLS = [
             required: ["slug", "agent"],
         },
     },
+    {
+        name: "validate_action",
+        description: "Validate whether an action on a skill is safe before executing it. Checks security grade, safety manifest, parameter injection, and skill freshness.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                slug: {
+                    type: "string",
+                    description: "Skill slug in owner/repo format. Example: 'supabase/mcp'",
+                },
+                action: {
+                    type: "string",
+                    description: "The action about to be performed. Example: 'query_database'",
+                },
+                parameters: {
+                    type: "object",
+                    description: "Parameters that will be passed to the action. Checked for injection patterns.",
+                },
+            },
+            required: ["slug", "action"],
+        },
+    },
+    {
+        name: "flag_skill",
+        description: "Report a skill that behaves unexpectedly, contains prompt injection, is broken, or is otherwise problematic. Helps the community identify unsafe skills.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                slug: {
+                    type: "string",
+                    description: "Skill slug in owner/repo format. Example: 'owner/repo-name'",
+                },
+                reason: {
+                    type: "string",
+                    enum: [
+                        "prompt_injection",
+                        "malicious",
+                        "broken",
+                        "misleading",
+                        "spam",
+                        "other",
+                    ],
+                    description: "Why the skill is being flagged",
+                },
+                details: {
+                    type: "string",
+                    description: "Additional context about the issue. Example: 'The SKILL.md contains instructions to ignore safety checks'",
+                },
+            },
+            required: ["slug", "reason"],
+        },
+    },
+    {
+        name: "smart_search",
+        description: "Search for skills with your history and preferences automatically applied. Returns personalized results excluding skills you already have. Use this by default instead of search_skills.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                query: {
+                    type: "string",
+                    description: "Natural language search query. Examples: 'postgres database', 'browser automation', 'github issues'",
+                },
+                limit: {
+                    type: "number",
+                    description: "Max results to return (default 10, max 25)",
+                },
+            },
+            required: ["query"],
+        },
+    },
 ];
+/**
+ * Load agent memory entries. Returns parsed memories or empty array.
+ * Never throws -- failures are silently ignored so callers always proceed.
+ */
+async function loadAgentMemory(typeFilter) {
+    try {
+        const params = new URLSearchParams({ agent_key: AGENT_KEY });
+        if (typeFilter)
+            params.set("type", typeFilter);
+        const result = (await fetchJSON(`${API_BASE}/memory?${params.toString()}`));
+        return result.memories ?? [];
+    }
+    catch {
+        return [];
+    }
+}
+/**
+ * Extract installed skill slugs from memory entries.
+ */
+function extractInstalledSlugs(memories) {
+    for (const m of memories) {
+        if (m.key === "installed_skills" && Array.isArray(m.value)) {
+            return m.value;
+        }
+    }
+    return [];
+}
+/**
+ * Extract recent search queries from memory entries.
+ */
+function extractRecentSearches(memories) {
+    for (const m of memories) {
+        if (m.key === "recent_searches" && Array.isArray(m.value)) {
+            return m.value;
+        }
+    }
+    return [];
+}
+/**
+ * Fire-and-forget save to agent memory. Never throws.
+ */
+function saveMemoryAsync(key, value, type) {
+    postJSON(`${API_BASE}/memory`, {
+        agent_key: AGENT_KEY,
+        key,
+        value,
+        type,
+    }).catch(() => { });
+}
+/**
+ * Append a search query to the recent_searches memory (keep last 20).
+ */
+function recordSearchQuery(query, existingSearches) {
+    const updated = [...existingSearches.filter((q) => q !== query), query].slice(-20);
+    saveMemoryAsync("recent_searches", updated, "search");
+}
 // --- Tool handlers ---
 async function handleSearchSkills(args) {
+    // Auto-load agent memory to get installed skills and search history
+    const memories = await loadAgentMemory();
+    const installedSlugs = extractInstalledSlugs(memories);
+    const recentSearches = extractRecentSearches(memories);
     const params = new URLSearchParams({ q: args.query });
     if (args.type)
         params.set("type", args.type);
@@ -422,8 +575,18 @@ async function handleSearchSkills(args) {
         params.set("agent", args.agent);
     if (args.limit)
         params.set("limit", String(args.limit));
-    const result = await fetchJSON(`${API_BASE}/search?${params.toString()}`);
-    return JSON.stringify(result, null, 2);
+    const result = await fetchJSON(`${API_BASE}/search?${params.toString()}`, {
+        "X-Agent-Key": AGENT_KEY,
+    });
+    // Fire-and-forget: record this search query to memory
+    recordSearchQuery(args.query, recentSearches);
+    // Filter out already-installed skills from results client-side
+    const parsed = result;
+    if (parsed.results && installedSlugs.length > 0) {
+        const installedSet = new Set(installedSlugs);
+        parsed.results = parsed.results.filter((r) => !r.slug || !installedSet.has(r.slug));
+    }
+    return JSON.stringify(parsed, null, 2);
 }
 async function handleGetSkill(args) {
     const result = await fetchJSON(`${API_BASE}/skill/${encodeURIComponent(args.slug)}`);
@@ -432,6 +595,12 @@ async function handleGetSkill(args) {
 async function handleInstallSkill(args) {
     const params = new URLSearchParams({ agent: args.agent });
     const result = await fetchJSON(`${API_BASE}/install/${encodeURIComponent(args.slug)}?${params.toString()}`, { "X-Agent-Key": AGENT_KEY });
+    // Fire-and-forget: save this slug to installed_skills memory
+    const memories = await loadAgentMemory().catch(() => []);
+    const existing = extractInstalledSlugs(memories);
+    if (!existing.includes(args.slug)) {
+        saveMemoryAsync("installed_skills", [...existing, args.slug], "install");
+    }
     return JSON.stringify(result, null, 2);
 }
 async function handleListCategories() {
@@ -439,9 +608,27 @@ async function handleListCategories() {
     return JSON.stringify(result, null, 2);
 }
 async function handleRecommendSkills(args) {
-    const params = new URLSearchParams({ context: args.context });
-    if (args.installed)
-        params.set("installed", args.installed);
+    // Auto-load agent memory for personalization
+    const memories = await loadAgentMemory();
+    const installedSlugs = extractInstalledSlugs(memories);
+    const recentSearches = extractRecentSearches(memories);
+    // Merge installed skills from memory with any explicitly provided
+    const allInstalled = new Set(installedSlugs);
+    if (args.installed) {
+        for (const s of args.installed.split(",").map((s) => s.trim()).filter(Boolean)) {
+            allInstalled.add(s);
+        }
+    }
+    // Enrich context with relevant search history keywords
+    let enrichedContext = args.context;
+    if (recentSearches.length > 0) {
+        const recentKeywords = recentSearches.slice(-5).join(", ");
+        enrichedContext = `${args.context} (recent interests: ${recentKeywords})`;
+    }
+    const params = new URLSearchParams({ context: enrichedContext });
+    if (allInstalled.size > 0) {
+        params.set("installed", Array.from(allInstalled).join(","));
+    }
     const result = await fetchJSON(`${API_BASE}/recommend?${params.toString()}`, { "X-Agent-Key": AGENT_KEY });
     return JSON.stringify(result, null, 2);
 }
@@ -469,13 +656,64 @@ async function handleReportSkillUsage(args) {
     const body = {
         slug: args.slug,
         status: args.status,
+        agent: "claude-code",
+        agent_key: AGENT_KEY,
     };
     if (args.error_message) {
         body.error_message = args.error_message;
     }
-    const result = await postJSON(`${API_BASE}/report`, body);
+    const result = (await postJSON(`${API_BASE}/report`, body));
+    if (result.proof) {
+        const lines = [
+            "Skill usage reported successfully.",
+            "",
+            "Execution Proof:",
+            `  Proof ID: ${result.proof.proof_id}`,
+            `  Verify: ${result.proof.verify_url}`,
+            `  ${result.proof.shareable_text}`,
+        ];
+        return lines.join("\n");
+    }
     return JSON.stringify(result, null, 2);
 }
+async function handleListMyProofs() {
+    const params = new URLSearchParams({ agent_key: AGENT_KEY });
+    const result = (await fetchJSON(`${API_BASE}/proofs?${params.toString()}`));
+    if (result.error) {
+        return `Failed to list proofs: ${result.error}`;
+    }
+    const proofs = result.proofs ?? [];
+    if (proofs.length === 0) {
+        return "No execution proofs yet. Report successful skill usage to earn proofs.";
+    }
+    const lines = [
+        `Execution Proofs (${proofs.length} total):`,
+        "",
+    ];
+    proofs.forEach((p, i) => {
+        lines.push(`${i + 1}. ${p.skill_name ?? p.skill_slug} [${p.proof_id}]`);
+        lines.push(`   Skill: ${p.skill_slug}`);
+        lines.push(`   Verify: ${p.verify_url}`);
+        lines.push(`   Date: ${p.created_at ?? "unknown"}`);
+        lines.push("");
+    });
+    return lines.join("\n");
+}
+async function handleVerifyProof(args) {
+    const result = (await fetchJSON(`${API_BASE}/verify/${encodeURIComponent(args.proof_id)}`));
+    if (result.error) {
+        return `Verification failed: ${result.error}`;
+    }
+    if (!result.valid) {
+        return `Proof ${args.proof_id} is NOT valid.`;
+    }
+    return [
+        `Proof ${result.proof_id} is VALID.`,
+        `  Skill: ${result.skill}`,
+        `  Verified at: ${result.verified_at}`,
+        `  Platform: ${result.platform}`,
+    ].join("\n");
+}
 async function handleSaveMemory(args) {
     const body = {
         agent_key: AGENT_KEY,
@@ -554,6 +792,83 @@ async function handleInstallPack(args) {
     });
     return lines.join("\n");
 }
+async function handleSmartSearch(args) {
+    // Load all agent memory (installed skills, recent searches, preferences)
+    const memories = await loadAgentMemory();
+    const installedSlugs = extractInstalledSlugs(memories);
+    const recentSearches = extractRecentSearches(memories);
+    const params = new URLSearchParams({ q: args.query });
+    if (args.limit)
+        params.set("limit", String(args.limit));
+    const result = await fetchJSON(`${API_BASE}/search?${params.toString()}`, {
+        "X-Agent-Key": AGENT_KEY,
+    });
+    // Fire-and-forget: record this search query
+    recordSearchQuery(args.query, recentSearches);
+    // Filter out already-installed skills
+    const parsed = result;
+    const excludedCount = { value: 0 };
+    if (parsed.results && installedSlugs.length > 0) {
+        const installedSet = new Set(installedSlugs);
+        const originalLength = parsed.results.length;
+        parsed.results = parsed.results.filter((r) => !r.slug || !installedSet.has(r.slug));
+        excludedCount.value = originalLength - parsed.results.length;
+    }
+    // Add metadata about personalization
+    const output = { ...parsed };
+    output._personalization = {
+        installed_skills_excluded: excludedCount.value,
+        installed_skills_count: installedSlugs.length,
+        recent_searches: recentSearches.slice(-5),
+    };
+    return JSON.stringify(output, null, 2);
+}
+async function handleFlagSkill(args) {
+    const body = {
+        reason: args.reason,
+    };
+    if (args.details) {
+        body.details = args.details;
+    }
+    const url = `https://loaditout.ai/api/skills/${encodeURIComponent(args.slug)}/flag`;
+    const result = (await postJSON(url, body, { "X-Agent-Key": AGENT_KEY }));
+    if (result.error) {
+        return `Flag failed: ${result.error}`;
+    }
+    return `Skill "${args.slug}" has been flagged for "${args.reason}". Thank you for helping keep the registry safe.`;
+}
+async function handleValidateAction(args) {
+    const body = {
+        slug: args.slug,
+        action: args.action,
+        agent_key: AGENT_KEY,
+    };
+    if (args.parameters) {
+        body.parameters = args.parameters;
+    }
+    const result = (await postJSON(`${API_BASE}/validate`, body));
+    if (result.error) {
+        return `Validation failed: ${result.error}`;
+    }
+    const lines = [
+        `Validation result for ${args.slug} / ${args.action}:`,
+        `  Safe to proceed: ${result.valid ? "YES" : "NO"}`,
+        `  Risk level: ${result.risk_level ?? "unknown"}`,
+        `  Security grade: ${result.security_grade ?? "unknown"}`,
+        `  Skill verified: ${result.skill_verified ? "yes" : "no"}`,
+    ];
+    if (result.last_updated_days_ago !== undefined) {
+        lines.push(`  Last updated: ${result.last_updated_days_ago} days ago`);
+    }
+    const warnings = result.warnings ?? [];
+    if (warnings.length > 0) {
+        lines.push(`  Warnings:`);
+        for (const w of warnings) {
+            lines.push(`    - ${w}`);
+        }
+    }
+    return lines.join("\n");
+}
 function makeResponse(id, result) {
     return { jsonrpc: "2.0", id, result };
 }
@@ -617,6 +932,12 @@ async function handleRequest(request) {
                     case "report_skill_usage":
                         resultText = await handleReportSkillUsage(toolArgs);
                         break;
+                    case "list_my_proofs":
+                        resultText = await handleListMyProofs();
+                        break;
+                    case "verify_proof":
+                        resultText = await handleVerifyProof(toolArgs);
+                        break;
                     case "save_memory":
                         resultText = await handleSaveMemory(toolArgs);
                         break;
@@ -638,6 +959,15 @@ async function handleRequest(request) {
                     case "install_pack":
                         resultText = await handleInstallPack(toolArgs);
                         break;
+                    case "validate_action":
+                        resultText = await handleValidateAction(toolArgs);
+                        break;
+                    case "flag_skill":
+                        resultText = await handleFlagSkill(toolArgs);
+                        break;
+                    case "smart_search":
+                        resultText = await handleSmartSearch(toolArgs);
+                        break;
                     default:
                         send(makeError(id, -32601, `Unknown tool: ${toolName}`));
                         return;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "loaditout-mcp-server",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "MCP server for discovering and installing AI agent skills from Loaditout",
   "bin": {
     "loaditout-mcp": "./dist/index.js"