mcpmake 0.1.0 → 0.2.0

package/dist/cloud/db/pg-store.js

@@ -1,336 +0,0 @@
-/**
- * PostgreSQL-backed store implementations.
- *
- * Drop-in replacements for the in-memory ServerStore, UserStore, and
- * SessionStore. Every query is parameterized.
- */
-import { randomBytes } from 'node:crypto';
-// ---------------------------------------------------------------------------
-// Helpers
-// ---------------------------------------------------------------------------
-const SESSION_MAX_AGE_MS = 7 * 24 * 60 * 60 * 1000; // 7 days
-// ---------------------------------------------------------------------------
-// PgServerStore
-// ---------------------------------------------------------------------------
-export class PgServerStore {
-    db;
-    constructor(db) {
-        this.db = db;
-    }
-    async create(record) {
-        const existing = await this.get(record.slug);
-        if (existing) {
-            throw new Error(`Server with slug "${record.slug}" already exists`);
-        }
-        await this.db.query(`INSERT INTO servers (slug, user_id, spec_hash, container_id, port, bearer_token, status, tool_count, created_at, last_active_at)
-       VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)`, [
-            record.slug,
-            record.userId ?? null,
-            record.specHash,
-            record.containerId,
-            record.port,
-            record.bearerToken,
-            record.status,
-            record.toolCount,
-            record.createdAt,
-            record.lastActiveAt,
-        ]);
-    }
-    async get(slug) {
-        const { rows } = await this.db.query('SELECT * FROM servers WHERE slug = $1', [slug]);
-        return rows.length > 0 ? rowToServerRecord(rows[0]) : undefined;
-    }
-    async list() {
-        const { rows } = await this.db.query('SELECT * FROM servers ORDER BY created_at DESC');
-        return rows.map(rowToServerRecord);
-    }
-    async update(slug, updates) {
-        const existing = await this.get(slug);
-        if (!existing) {
-            throw new Error(`Server with slug "${slug}" not found`);
-        }
-        // Build SET clause from non-slug fields
-        const { slug: _ignored, ...safeUpdates } = updates;
-        const fieldMap = {
-            userId: 'user_id',
-            specHash: 'spec_hash',
-            containerId: 'container_id',
-            port: 'port',
-            bearerToken: 'bearer_token',
-            status: 'status',
-            toolCount: 'tool_count',
-            createdAt: 'created_at',
-            lastActiveAt: 'last_active_at',
-        };
-        const setClauses = [];
-        const values = [];
-        let paramIndex = 1;
-        for (const [key, value] of Object.entries(safeUpdates)) {
-            const column = fieldMap[key];
-            if (column && value !== undefined) {
-                setClauses.push(`${column} = $${paramIndex}`);
-                values.push(value);
-                paramIndex++;
-            }
-        }
-        if (setClauses.length === 0)
-            return;
-        values.push(slug);
-        await this.db.query(`UPDATE servers SET ${setClauses.join(', ')} WHERE slug = $${paramIndex}`, values);
-    }
-    async delete(slug) {
-        await this.db.query('DELETE FROM servers WHERE slug = $1', [slug]);
-    }
-    async findByPort(port) {
-        const { rows } = await this.db.query('SELECT * FROM servers WHERE port = $1 LIMIT 1', [
-            port,
-        ]);
-        return rows.length > 0 ? rowToServerRecord(rows[0]) : undefined;
-    }
-}
-function rowToServerRecord(row) {
-    return {
-        slug: row.slug,
-        userId: row.user_id ?? undefined,
-        specHash: row.spec_hash,
-        containerId: row.container_id,
-        port: row.port,
-        bearerToken: row.bearer_token,
-        status: row.status,
-        toolCount: row.tool_count,
-        createdAt: typeof row.created_at === 'string' ? row.created_at : new Date(row.created_at).toISOString(),
-        lastActiveAt: typeof row.last_active_at === 'string'
-            ? row.last_active_at
-            : new Date(row.last_active_at).toISOString(),
-    };
-}
-// ---------------------------------------------------------------------------
-// PgUserStore
-// ---------------------------------------------------------------------------
-export class PgUserStore {
-    db;
-    constructor(db) {
-        this.db = db;
-    }
-    async create(record) {
-        const normalizedEmail = record.email.toLowerCase().trim();
-        const existing = await this.getByEmail(normalizedEmail);
-        if (existing) {
-            throw new Error(`User with email "${normalizedEmail}" already exists`);
-        }
-        await this.db.query(`INSERT INTO users (id, email, password_hash, plan, is_admin, created_at, last_login_at, stripe_customer_id)
-       VALUES ($1, $2, $3, $4, $5, $6, $7, $8)`, [
-            record.id,
-            normalizedEmail,
-            record.passwordHash,
-            record.plan,
-            record.isAdmin,
-            record.createdAt,
-            record.lastLoginAt,
-            record.stripeCustomerId ?? null,
-        ]);
-    }
-    async getById(id) {
-        const { rows } = await this.db.query('SELECT * FROM users WHERE id = $1', [id]);
-        return rows.length > 0 ? rowToUserRecord(rows[0]) : undefined;
-    }
-    async getByEmail(email) {
-        const normalized = email.toLowerCase().trim();
-        const { rows } = await this.db.query('SELECT * FROM users WHERE email = $1', [normalized]);
-        return rows.length > 0 ? rowToUserRecord(rows[0]) : undefined;
-    }
-    async list() {
-        const { rows } = await this.db.query('SELECT * FROM users ORDER BY created_at DESC');
-        return rows.map(rowToUserRecord);
-    }
-    async update(id, updates) {
-        const existing = await this.getById(id);
-        if (!existing) {
-            throw new Error(`User with id "${id}" not found`);
-        }
-        const { id: _ignored, ...safeUpdates } = updates;
-        const fieldMap = {
-            email: 'email',
-            passwordHash: 'password_hash',
-            plan: 'plan',
-            isAdmin: 'is_admin',
-            createdAt: 'created_at',
-            lastLoginAt: 'last_login_at',
-            stripeCustomerId: 'stripe_customer_id',
-            passwordResetTokenHash: 'password_reset_token_hash',
-            passwordResetExpiresAt: 'password_reset_expires_at',
-            emailVerified: 'email_verified',
-            emailVerificationTokenHash: 'email_verification_token_hash',
-            subscriptionPeriodEnd: 'subscription_period_end',
-            creditsCalls: 'credits_calls',
-        };
-        const setClauses = [];
-        const values = [];
-        let paramIndex = 1;
-        for (const [key, value] of Object.entries(safeUpdates)) {
-            const column = fieldMap[key];
-            if (column && value !== undefined) {
-                setClauses.push(`${column} = $${paramIndex}`);
-                values.push(value);
-                paramIndex++;
-            }
-        }
-        if (setClauses.length === 0)
-            return;
-        values.push(id);
-        await this.db.query(`UPDATE users SET ${setClauses.join(', ')} WHERE id = $${paramIndex}`, values);
-    }
-    async getByResetToken(tokenHash) {
-        const { rows } = await this.db.query('SELECT * FROM users WHERE password_reset_token_hash = $1 AND password_reset_expires_at > $2', [tokenHash, Date.now()]);
-        return rows.length > 0 ? rowToUserRecord(rows[0]) : undefined;
-    }
-    async getByVerificationToken(tokenHash) {
-        const { rows } = await this.db.query('SELECT * FROM users WHERE email_verification_token_hash = $1', [tokenHash]);
-        return rows.length > 0 ? rowToUserRecord(rows[0]) : undefined;
-    }
-    async getByStripeCustomerId(customerId) {
-        const { rows } = await this.db.query('SELECT * FROM users WHERE stripe_customer_id = $1 LIMIT 1', [customerId]);
-        return rows.length > 0 ? rowToUserRecord(rows[0]) : undefined;
-    }
-    async clearResetToken(id) {
-        await this.db.query('UPDATE users SET password_reset_token_hash = NULL, password_reset_expires_at = NULL WHERE id = $1', [id]);
-    }
-    async clearVerificationToken(id) {
-        await this.db.query('UPDATE users SET email_verification_token_hash = NULL WHERE id = $1', [
-            id,
-        ]);
-    }
-    async delete(id) {
-        await this.db.query('DELETE FROM users WHERE id = $1', [id]);
-    }
-    async count() {
-        const { rows } = await this.db.query('SELECT count(*) AS count FROM users');
-        return parseInt(rows[0].count, 10);
-    }
-}
-function rowToUserRecord(row) {
-    const record = {
-        id: row.id,
-        email: row.email,
-        passwordHash: row.password_hash,
-        plan: row.plan,
-        isAdmin: row.is_admin,
-        createdAt: typeof row.created_at === 'string' ? row.created_at : new Date(row.created_at).toISOString(),
-        lastLoginAt: typeof row.last_login_at === 'string'
-            ? row.last_login_at
-            : new Date(row.last_login_at).toISOString(),
-    };
-    if (row.stripe_customer_id) {
-        record.stripeCustomerId = row.stripe_customer_id;
-    }
-    if (row.password_reset_token_hash) {
-        record.passwordResetTokenHash = row.password_reset_token_hash;
-    }
-    if (row.password_reset_expires_at != null) {
-        record.passwordResetExpiresAt =
-            typeof row.password_reset_expires_at === 'number'
-                ? row.password_reset_expires_at
-                : Number(row.password_reset_expires_at);
-    }
-    if (row.email_verified != null) {
-        record.emailVerified = row.email_verified === true || row.email_verified === 't';
-    }
-    if (row.email_verification_token_hash) {
-        record.emailVerificationTokenHash = row.email_verification_token_hash;
-    }
-    if (row.subscription_period_end != null) {
-        record.subscriptionPeriodEnd =
-            typeof row.subscription_period_end === 'number'
-                ? row.subscription_period_end
-                : Number(row.subscription_period_end);
-    }
-    if (row.credits_calls != null) {
-        record.creditsCalls =
-            typeof row.credits_calls === 'number' ? row.credits_calls : Number(row.credits_calls);
-    }
-    return record;
-}
-// ---------------------------------------------------------------------------
-// PgSessionStore
-// ---------------------------------------------------------------------------
-export class PgSessionStore {
-    db;
-    constructor(db) {
-        this.db = db;
-    }
-    async create(userId) {
-        const token = randomBytes(32).toString('hex');
-        const csrfToken = randomBytes(16).toString('hex');
-        const now = Date.now();
-        const session = {
-            token,
-            userId,
-            csrfToken,
-            createdAt: now,
-            expiresAt: now + SESSION_MAX_AGE_MS,
-        };
-        await this.db.query(`INSERT INTO sessions (token, user_id, csrf_token, created_at, expires_at, pending_server_tokens)
-       VALUES ($1, $2, $3, $4, $5, $6)`, [token, userId, csrfToken, now, session.expiresAt, null]);
-        return session;
-    }
-    async get(token) {
-        const { rows } = await this.db.query('SELECT * FROM sessions WHERE token = $1', [token]);
-        if (rows.length === 0)
-            return undefined;
-        const session = rowToSessionRecord(rows[0]);
-        // Check expiry
-        if (Date.now() > session.expiresAt) {
-            await this.destroy(token);
-            return undefined;
-        }
-        return session;
-    }
-    async destroy(token) {
-        await this.db.query('DELETE FROM sessions WHERE token = $1', [token]);
-    }
-    async setPendingServerToken(sessionToken, slug, serverBearerToken) {
-        const session = await this.get(sessionToken);
-        if (!session)
-            return;
-        const pending = session.pendingServerTokens ?? {};
-        pending[slug] = serverBearerToken;
-        await this.db.query('UPDATE sessions SET pending_server_tokens = $1 WHERE token = $2', [
-            JSON.stringify(pending),
-            sessionToken,
-        ]);
-    }
-    async consumePendingServerToken(sessionToken, slug) {
-        const session = await this.get(sessionToken);
-        if (!session?.pendingServerTokens)
-            return undefined;
-        const value = session.pendingServerTokens[slug];
-        if (value === undefined)
-            return undefined;
-        delete session.pendingServerTokens[slug];
-        const remaining = Object.keys(session.pendingServerTokens).length > 0
-            ? JSON.stringify(session.pendingServerTokens)
-            : null;
-        await this.db.query('UPDATE sessions SET pending_server_tokens = $1 WHERE token = $2', [
-            remaining,
-            sessionToken,
-        ]);
-        return value;
-    }
-    async cleanup() {
-        await this.db.query('DELETE FROM sessions WHERE expires_at < $1', [Date.now()]);
-    }
-}
-function rowToSessionRecord(row) {
-    const pending = row.pending_server_tokens;
-    const record = {
-        token: row.token,
-        userId: row.user_id,
-        csrfToken: row.csrf_token,
-        createdAt: typeof row.created_at === 'number' ? row.created_at : Number(row.created_at),
-        expiresAt: typeof row.expires_at === 'number' ? row.expires_at : Number(row.expires_at),
-    };
-    if (pending && typeof pending === 'object' && Object.keys(pending).length > 0) {
-        record.pendingServerTokens = pending;
-    }
-    return record;
-}

package/dist/cloud/failure-tracker.d.ts

@@ -1,51 +0,0 @@
-/**
- * In-memory API failure-rate tracker.
- *
- * Counts completed HTTP responses by status class in a rolling ring of
- * per-minute buckets. There is no single response choke point in the server
- * (responses complete via sendJson, sendHtml, redirects, SSE, and the proxy
- * stream), so this is fed once per response from the `res` `'finish'`/`'close'`
- * events in the server callback — never from the individual writers.
- *
- * Purely in-memory and bounded (one bucket per minute, capped window). Longer
- * history is derived by the periodic sampler into `metric_samples`.
- */
-/** Aggregate counts over a window. */
-export interface FailureWindow {
-    total: number;
-    c2xx: number;
-    c3xx: number;
-    c4xx: number;
-    c5xx: number;
-    /** Responses that never finished (client abort / destroyed socket). */
-    aborted: number;
-    /** (5xx + aborted) / total, as a percentage. The "is the API healthy" number. */
-    serverErrorRatePct: number;
-    /** 4xx / total, as a percentage. Client errors (often expected). */
-    clientErrorRatePct: number;
-}
-/** One per-minute point, for sparklines. */
-export interface FailurePoint {
-    /** Minute index (epoch ms / 60000). */
-    minute: number;
-    total: number;
-    errors: number;
-}
-export declare class FailureTracker {
-    private buckets;
-    private static minute;
-    private bucket;
-    /** Record a completed response by its final status code. */
-    record(statusCode: number, now?: number): void;
-    /** Record a response that never finished (aborted / destroyed). */
-    recordAborted(now?: number): void;
-    /** Drop buckets older than the retained window. */
-    prune(now?: number): void;
-    /** Aggregate counts over the last `minutes` minutes (default 60). */
-    window(minutes?: number, now?: number): FailureWindow;
-    /**
-     * Per-minute series over the last `minutes` minutes (oldest first), with empty
-     * minutes filled as zero so a sparkline has a stable x-axis.
-     */
-    series(minutes?: number, now?: number): FailurePoint[];
-}

package/dist/cloud/failure-tracker.js

@@ -1,102 +0,0 @@
-/**
- * In-memory API failure-rate tracker.
- *
- * Counts completed HTTP responses by status class in a rolling ring of
- * per-minute buckets. There is no single response choke point in the server
- * (responses complete via sendJson, sendHtml, redirects, SSE, and the proxy
- * stream), so this is fed once per response from the `res` `'finish'`/`'close'`
- * events in the server callback — never from the individual writers.
- *
- * Purely in-memory and bounded (one bucket per minute, capped window). Longer
- * history is derived by the periodic sampler into `metric_samples`.
- */
-const WINDOW_MINUTES = 60;
-/** Keep a little slack beyond the window so reads never race a prune. */
-const MAX_BUCKETS = WINDOW_MINUTES + 5;
-function emptyBucket() {
-    return { c2xx: 0, c3xx: 0, c4xx: 0, c5xx: 0, aborted: 0 };
-}
-export class FailureTracker {
-    buckets = new Map();
-    static minute(now) {
-        return Math.floor(now / 60_000);
-    }
-    bucket(now) {
-        const m = FailureTracker.minute(now);
-        let b = this.buckets.get(m);
-        if (!b) {
-            b = emptyBucket();
-            this.buckets.set(m, b);
-            // Bound memory: drop buckets older than the retained window.
-            if (this.buckets.size > MAX_BUCKETS)
-                this.prune(now);
-        }
-        return b;
-    }
-    /** Record a completed response by its final status code. */
-    record(statusCode, now = Date.now()) {
-        const b = this.bucket(now);
-        if (statusCode >= 500)
-            b.c5xx++;
-        else if (statusCode >= 400)
-            b.c4xx++;
-        else if (statusCode >= 300)
-            b.c3xx++;
-        else
-            b.c2xx++;
-    }
-    /** Record a response that never finished (aborted / destroyed). */
-    recordAborted(now = Date.now()) {
-        this.bucket(now).aborted++;
-    }
-    /** Drop buckets older than the retained window. */
-    prune(now = Date.now()) {
-        const cutoff = FailureTracker.minute(now) - MAX_BUCKETS;
-        for (const m of this.buckets.keys()) {
-            if (m < cutoff)
-                this.buckets.delete(m);
-        }
-    }
-    /** Aggregate counts over the last `minutes` minutes (default 60). */
-    window(minutes = WINDOW_MINUTES, now = Date.now()) {
-        const cutoff = FailureTracker.minute(now) - (minutes - 1);
-        const agg = emptyBucket();
-        for (const [m, b] of this.buckets) {
-            if (m < cutoff)
-                continue;
-            agg.c2xx += b.c2xx;
-            agg.c3xx += b.c3xx;
-            agg.c4xx += b.c4xx;
-            agg.c5xx += b.c5xx;
-            agg.aborted += b.aborted;
-        }
-        const total = agg.c2xx + agg.c3xx + agg.c4xx + agg.c5xx + agg.aborted;
-        const pct = (n) => (total > 0 ? (n / total) * 100 : 0);
-        return {
-            total,
-            c2xx: agg.c2xx,
-            c3xx: agg.c3xx,
-            c4xx: agg.c4xx,
-            c5xx: agg.c5xx,
-            aborted: agg.aborted,
-            serverErrorRatePct: pct(agg.c5xx + agg.aborted),
-            clientErrorRatePct: pct(agg.c4xx),
-        };
-    }
-    /**
-     * Per-minute series over the last `minutes` minutes (oldest first), with empty
-     * minutes filled as zero so a sparkline has a stable x-axis.
-     */
-    series(minutes = WINDOW_MINUTES, now = Date.now()) {
-        const end = FailureTracker.minute(now);
-        const start = end - (minutes - 1);
-        const out = [];
-        for (let m = start; m <= end; m++) {
-            const b = this.buckets.get(m);
-            const total = b ? b.c2xx + b.c3xx + b.c4xx + b.c5xx + b.aborted : 0;
-            const errors = b ? b.c5xx + b.aborted : 0;
-            out.push({ minute: m, total, errors });
-        }
-        return out;
-    }
-}

package/dist/cloud/idle-monitor.d.ts

@@ -1,30 +0,0 @@
-/**
- * Monitors container activity and stops idle containers.
- *
- * Runs a periodic check (default: every 60s) and stops containers
- * that haven't had activity for longer than the configured threshold.
- */
-import type { ServerStore } from './store.js';
-export interface IdleMonitorOptions {
-    /** Check interval in ms (default: 60_000 = 1 minute) */
-    checkIntervalMs?: number;
-    /** Idle threshold in ms for http servers (default: 3_600_000 = 1 hour) */
-    idleThresholdMs?: number;
-    /** Idle threshold in ms for Playwright servers (default: 1_800_000 = 30 minutes) */
-    playwrightIdleThresholdMs?: number;
-    /** Domain for Caddy route removal */
-    domain?: string;
-}
-export declare class IdleMonitor {
-    private readonly store;
-    private readonly portRelease;
-    private timer;
-    private readonly checkIntervalMs;
-    private readonly idleThresholdMs;
-    private readonly playwrightIdleThresholdMs;
-    private readonly domain;
-    constructor(store: ServerStore, portRelease: (port: number) => void, options?: IdleMonitorOptions);
-    start(): void;
-    stop(): void;
-    check(): Promise<number>;
-}

package/dist/cloud/idle-monitor.js

@@ -1,70 +0,0 @@
-/**
- * Monitors container activity and stops idle containers.
- *
- * Runs a periodic check (default: every 60s) and stops containers
- * that haven't had activity for longer than the configured threshold.
- */
-import { logger } from '../utils/logger.js';
-import { getContainerBackend } from './container-backend.js';
-export class IdleMonitor {
-    store;
-    portRelease;
-    timer;
-    checkIntervalMs;
-    idleThresholdMs;
-    playwrightIdleThresholdMs;
-    domain;
-    constructor(store, portRelease, options = {}) {
-        this.store = store;
-        this.portRelease = portRelease;
-        this.checkIntervalMs = options.checkIntervalMs ?? 60_000;
-        this.idleThresholdMs = options.idleThresholdMs ?? 3_600_000;
-        // Playwright containers use more resources, so default to a shorter idle timeout
-        this.playwrightIdleThresholdMs = options.playwrightIdleThresholdMs ?? 1_800_000;
-        this.domain = options.domain ?? 'mcpmake.dev';
-    }
-    start() {
-        if (this.timer)
-            return;
-        logger.info(`Idle monitor started (check every ${this.checkIntervalMs / 1000}s, threshold ${this.idleThresholdMs / 1000}s)`);
-        this.timer = setInterval(() => this.check(), this.checkIntervalMs);
-        this.timer.unref(); // Don't prevent process exit
-    }
-    stop() {
-        if (this.timer) {
-            clearInterval(this.timer);
-            this.timer = undefined;
-            logger.info('Idle monitor stopped');
-        }
-    }
-    async check() {
-        const now = Date.now();
-        const servers = this.store.list();
-        let stoppedCount = 0;
-        for (const server of servers) {
-            if (server.status !== 'running')
-                continue;
-            const lastActive = new Date(server.lastActiveAt).getTime();
-            const idleMs = now - lastActive;
-            const threshold = server.serverType === 'playwright' ? this.playwrightIdleThresholdMs : this.idleThresholdMs;
-            if (idleMs > threshold) {
-                logger.info(`Stopping idle server: ${server.slug} (idle for ${Math.round(idleMs / 60_000)}min)`);
-                try {
-                    await getContainerBackend().stopContainer(server.containerId);
-                }
-                catch (err) {
-                    logger.warn(`Failed to stop container for ${server.slug}: ${err}`);
-                }
-                // No Caddy route to remove — routing is backend-authoritative; the
-                // backend returns 503 for requests to a stopped server.
-                this.portRelease(server.port);
-                this.store.update(server.slug, { status: 'stopped' });
-                stoppedCount++;
-            }
-        }
-        if (stoppedCount > 0) {
-            logger.info(`Idle monitor: stopped ${stoppedCount} idle server(s)`);
-        }
-        return stoppedCount;
-    }
-}

package/dist/cloud/mailer.d.ts

@@ -1,21 +0,0 @@
-/**
- * Minimal email sender for transactional emails (password reset, etc.).
- *
- * Supports two modes:
- *   1. Console (default) — logs the email to stdout. Useful for development
- *      and self-hosted instances without email infrastructure.
- *   2. SMTP — sends via an external SMTP relay. Requires env vars:
- *        SMTP_HOST, SMTP_PORT, SMTP_USER, SMTP_PASS, MAIL_FROM
- *
- * Uses Node.js built-in `net`/`tls` modules — zero external dependencies.
- */
-export interface MailOptions {
-    to: string;
-    subject: string;
-    text: string;
-    html?: string;
-}
-/**
- * Send an email. Falls back to console logging when SMTP is not configured.
- */
-export declare function sendMail(options: MailOptions): Promise<void>;