morpheus-cli 0.1.4 → 0.1.6

package/dist/config/schemas.js

@@ -1,6 +1,7 @@
 import { z } from 'zod';
 import { DEFAULT_CONFIG } from '../types/config.js';
 export const AudioConfigSchema = z.object({
+    provider: z.enum(['google']).default(DEFAULT_CONFIG.audio.provider),
     enabled: z.boolean().default(DEFAULT_CONFIG.audio.enabled),
     apiKey: z.string().optional(),
     maxDurationSeconds: z.number().default(DEFAULT_CONFIG.audio.maxDurationSeconds),
@@ -16,9 +17,13 @@ export const ConfigSchema = z.object({
         provider: z.enum(['openai', 'anthropic', 'ollama', 'gemini']).default(DEFAULT_CONFIG.llm.provider),
         model: z.string().min(1).default(DEFAULT_CONFIG.llm.model),
         temperature: z.number().min(0).max(1).default(DEFAULT_CONFIG.llm.temperature),
+        max_tokens: z.number().int().positive().optional(),
         api_key: z.string().optional(),
     }).default(DEFAULT_CONFIG.llm),
     audio: AudioConfigSchema.default(DEFAULT_CONFIG.audio),
+    memory: z.object({
+        limit: z.number().int().positive().default(DEFAULT_CONFIG.memory.limit),
+    }).default(DEFAULT_CONFIG.memory),
     channels: z.object({
         telegram: z.object({
             enabled: z.boolean().default(false),
@@ -40,3 +45,14 @@ export const ConfigSchema = z.object({
         retention: z.string().default(DEFAULT_CONFIG.logging.retention),
     }).default(DEFAULT_CONFIG.logging),
 });
+export const MCPServerConfigSchema = z.object({
+    transport: z.enum(['stdio', 'http']),
+    command: z.string().min(1, 'Command is required'),
+    args: z.array(z.string()).optional().default([]),
+    env: z.record(z.string(), z.string()).optional().default({}),
+    _comment: z.string().optional(),
+});
+export const MCPConfigFileSchema = z.record(z.string(), z.union([
+    MCPServerConfigSchema,
+    z.string(),
+]));

package/dist/http/__tests__/auth.test.js

@@ -0,0 +1,53 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import request from 'supertest';
+import express from 'express';
+import bodyParser from 'body-parser';
+import { authMiddleware } from '../middleware/auth.js';
+import { AUTH_HEADER } from '../../types/auth.js';
+import { DisplayManager } from '../../runtime/display.js';
+vi.mock('../../runtime/display.js');
+describe('Auth Middleware', () => {
+    let app;
+    let mockDisplayManager;
+    beforeEach(() => {
+        vi.clearAllMocks();
+        mockDisplayManager = {
+            log: vi.fn(),
+        };
+        DisplayManager.getInstance.mockReturnValue(mockDisplayManager);
+        app = express();
+        app.use(bodyParser.json());
+        app.use(authMiddleware);
+        app.get('/test', (req, res) => res.status(200).json({ success: true }));
+        // Reset env var
+        delete process.env.THE_ARCHITECT_PASS;
+    });
+    it('should allow access when THE_ARCHITECT_PASS is not set', async () => {
+        const res = await request(app).get('/test');
+        expect(res.status).toBe(200);
+        expect(res.body.success).toBe(true);
+    });
+    it('should block access when THE_ARCHITECT_PASS is set and header is missing', async () => {
+        process.env.THE_ARCHITECT_PASS = 'secret123';
+        const res = await request(app).get('/test');
+        expect(res.status).toBe(401);
+        expect(res.body.error).toBe('Unauthorized');
+        expect(mockDisplayManager.log).toHaveBeenCalledWith(expect.stringContaining('Unauthorized'), expect.objectContaining({ source: 'http', level: 'warning' }));
+    });
+    it('should block access when THE_ARCHITECT_PASS is set and header is incorrect', async () => {
+        process.env.THE_ARCHITECT_PASS = 'secret123';
+        const res = await request(app)
+            .get('/test')
+            .set(AUTH_HEADER, 'wrongpass');
+        expect(res.status).toBe(401);
+        expect(mockDisplayManager.log).toHaveBeenCalled();
+    });
+    it('should allow access when THE_ARCHITECT_PASS is set and header matches', async () => {
+        process.env.THE_ARCHITECT_PASS = 'secret123';
+        const res = await request(app)
+            .get('/test')
+            .set(AUTH_HEADER, 'secret123');
+        expect(res.status).toBe(200);
+        expect(res.body.success).toBe(true);
+    });
+});

package/dist/http/api.js

@@ -4,6 +4,7 @@ import { PATHS } from '../config/paths.js';
 import { DisplayManager } from '../runtime/display.js';
 import fs from 'fs-extra';
 import path from 'path';
+import { SQLiteChatMessageHistory } from '../runtime/memory/sqlite.js';
 async function readLastLines(filePath, n) {
     try {
         const content = await fs.readFile(filePath, 'utf8');
@@ -39,6 +40,17 @@ export function createApiRouter() {
     router.get('/config', (req, res) => {
         res.json(configManager.get());
     });
+    router.get('/stats/usage', async (req, res) => {
+        try {
+            const history = new SQLiteChatMessageHistory({ sessionId: 'api-reader' });
+            const stats = await history.getGlobalUsageStats();
+            history.close();
+            res.json(stats);
+        }
+        catch (error) {
+            res.status(500).json({ error: error.message });
+        }
+    });
     // Calculate diff between two objects
     const getDiff = (obj1, obj2, prefix = '') => {
         const changes = [];

package/dist/http/middleware/auth.js

@@ -0,0 +1,23 @@
+import { AUTH_HEADER } from '../../types/auth.js';
+import { DisplayManager } from '../../runtime/display.js';
+/**
+ * Middleware to protect API routes with a password from THE_ARCHITECT_PASS env var.
+ * If the env var is not set, authentication is skipped (open mode).
+ */
+export const authMiddleware = (req, res, next) => {
+    const architectPass = process.env.THE_ARCHITECT_PASS;
+    // If password is not configured, allow all requests
+    if (!architectPass || architectPass.trim() === '') {
+        return next();
+    }
+    const providedPass = req.headers[AUTH_HEADER];
+    if (providedPass === architectPass) {
+        return next();
+    }
+    const display = DisplayManager.getInstance();
+    display.log(`Unauthorized access attempt to ${req.path}`, { source: 'http', level: 'warning' });
+    return res.status(401).json({
+        error: 'Unauthorized',
+        code: 'UNAUTHORIZED'
+    });
+};

package/dist/http/server.js

@@ -6,6 +6,7 @@ import { fileURLToPath } from 'url';
 import { ConfigManager } from '../config/manager.js';
 import { DisplayManager } from '../runtime/display.js';
 import { createApiRouter } from './api.js';
+import { authMiddleware } from './middleware/auth.js';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 export class HttpServer {
@@ -21,7 +22,7 @@ export class HttpServer {
         this.app.use(bodyParser.json());
     }
     setupRoutes() {
-        this.app.use('/api', createApiRouter());
+        this.app.use('/api', authMiddleware, createApiRouter());
         // Serve static frontend from compiled output
         const uiPath = path.resolve(__dirname, '../ui');
         this.app.use(express.static(uiPath));

package/dist/runtime/__tests__/agent.test.js

@@ -1,12 +1,14 @@
 import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
 import { Agent } from '../agent.js';
 import { ProviderFactory } from '../providers/factory.js';
+import { ToolsFactory } from '../tools/factory.js';
 import { DEFAULT_CONFIG } from '../../types/config.js';
 import { AIMessage } from '@langchain/core/messages';
 import * as fs from 'fs-extra';
 import * as path from 'path';
 import { homedir } from 'os';
 vi.mock('../providers/factory.js');
+vi.mock('../tools/factory.js');
 describe('Agent', () => {
     let agent;
     const mockProvider = {
@@ -27,8 +29,9 @@ describe('Agent', () => {
                 // Ignore errors if database doesn't exist or is corrupted
             }
         }
-        mockProvider.invoke.mockResolvedValue(new AIMessage('Hello world'));
-        vi.mocked(ProviderFactory.create).mockReturnValue(mockProvider);
+        mockProvider.invoke.mockResolvedValue({ messages: [new AIMessage('Hello world')] });
+        vi.mocked(ProviderFactory.create).mockResolvedValue(mockProvider);
+        vi.mocked(ToolsFactory.create).mockResolvedValue([]);
         agent = new Agent(DEFAULT_CONFIG);
     });
     afterEach(async () => {
@@ -44,7 +47,8 @@ describe('Agent', () => {
     });
     it('should initialize successfully', async () => {
         await agent.initialize();
-        expect(ProviderFactory.create).toHaveBeenCalledWith(DEFAULT_CONFIG.llm);
+        expect(ToolsFactory.create).toHaveBeenCalled();
+        expect(ProviderFactory.create).toHaveBeenCalledWith(DEFAULT_CONFIG.llm, []);
     });
     it('should chat successfully', async () => {
         await agent.initialize();
@@ -67,7 +71,7 @@ describe('Agent', () => {
         expect(history1[1].content).toBe('Hello world'); // AI
         // Second turn
         // Update mock return value for next call
-        mockProvider.invoke.mockResolvedValue(new AIMessage('I am fine'));
+        mockProvider.invoke.mockResolvedValue({ messages: [new AIMessage('I am fine')] });
         await agent.chat('How are you?');
         const history2 = await agent.getHistory();
         expect(history2).toHaveLength(4);

package/dist/runtime/__tests__/agent_memory_limit.test.js

@@ -0,0 +1,61 @@
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
+import { Agent } from '../agent.js';
+import { ProviderFactory } from '../providers/factory.js';
+import { DEFAULT_CONFIG } from '../../types/config.js';
+import { AIMessage } from '@langchain/core/messages';
+import * as fs from 'fs-extra';
+import * as path from 'path';
+import { homedir } from 'os';
+vi.mock('../providers/factory.js');
+describe('Agent Memory Limit', () => {
+    let agent;
+    const mockProvider = {
+        invoke: vi.fn(),
+    };
+    const dbPath = path.join(homedir(), ".morpheus", "memory", "short-memory.db");
+    beforeEach(async () => {
+        vi.resetAllMocks();
+        // Clean up DB
+        if (fs.existsSync(dbPath)) {
+            try {
+                const Database = (await import("better-sqlite3")).default;
+                const db = new Database(dbPath);
+                db.exec("DELETE FROM messages");
+                db.close();
+            }
+            catch (err) { }
+        }
+        mockProvider.invoke.mockResolvedValue({
+            messages: [new AIMessage('Response')]
+        });
+        vi.mocked(ProviderFactory.create).mockResolvedValue(mockProvider);
+    });
+    afterEach(async () => {
+        if (agent) {
+            try {
+                await agent.clearMemory();
+            }
+            catch (err) { }
+        }
+    });
+    it('should respect configured memory limit', async () => {
+        const limitedConfig = JSON.parse(JSON.stringify(DEFAULT_CONFIG));
+        limitedConfig.memory.limit = 2; // Only last 2 messages (1 exchange)
+        agent = new Agent(limitedConfig);
+        await agent.initialize();
+        // Turn 1
+        await agent.chat('Msg 1');
+        // Turn 2
+        await agent.chat('Msg 2');
+        // Turn 3
+        await agent.chat('Msg 3');
+        // DB should have 6 messages (3 User + 3 AI)
+        // getHistory() should return only 2 (User Msg 3 + AI Response)
+        // Wait, SQLiteChatMessageHistory limit might be total messages? Or pairs?
+        // LangChain's limit usually means "last N messages".
+        const history = await agent.getHistory();
+        // Assuming limit=2 means 2 messages.
+        expect(history.length).toBeLessThanOrEqual(2);
+        expect(history[history.length - 1].content).toBe('Response');
+    });
+});

package/dist/runtime/__tests__/agent_persistence.test.js

@@ -35,7 +35,7 @@ describe("Agent Persistence Integration", () => {
         // Mock the SQLiteChatMessageHistory to use test path
         // We'll use the default ~/.morpheus path for this test
         mockProvider.invoke.mockResolvedValue(new AIMessage("Test response"));
-        vi.mocked(ProviderFactory.create).mockReturnValue(mockProvider);
+        vi.mocked(ProviderFactory.create).mockResolvedValue(mockProvider);
         agent = new Agent(DEFAULT_CONFIG);
     });
     afterEach(async () => {

package/dist/runtime/__tests__/manual_start_verify.js

@@ -12,9 +12,13 @@ const mockConfig = {
     ui: { enabled: false, port: 3333 },
     logging: { enabled: false, level: 'info', retention: '1d' },
     audio: {
+        provider: 'google',
         enabled: false,
         maxDurationSeconds: 60,
         supportedMimeTypes: ['audio/ogg']
+    },
+    memory: {
+        limit: 100
     }
 };
 const run = async () => {

package/dist/runtime/agent.js

@@ -1,5 +1,6 @@
-import { HumanMessage, SystemMessage, AIMessage } from "@langchain/core/messages";
+import { HumanMessage, SystemMessage } from "@langchain/core/messages";
 import { ProviderFactory } from "./providers/factory.js";
+import { ToolsFactory } from "./tools/factory.js";
 import { ConfigManager } from "../config/manager.js";
 import { ProviderError } from "./errors.js";
 import { DisplayManager } from "./display.js";
@@ -23,13 +24,15 @@ export class Agent {
         // Note: API Key validation is delegated to ProviderFactory or the Provider itself 
         // to allow for Environment Variable fallback supported by LangChain.
         try {
-            this.provider = ProviderFactory.create(this.config.llm);
+            const tools = await ToolsFactory.create();
+            this.provider = await ProviderFactory.create(this.config.llm, tools);
             if (!this.provider) {
                 throw new Error("Provider factory returned undefined");
             }
             // Initialize persistent memory with SQLite
             this.history = new SQLiteChatMessageHistory({
                 sessionId: "default",
+                limit: this.config.memory?.limit || 100, // Fallback purely defensive if config type allows optional
             });
         }
         catch (err) {
@@ -39,7 +42,7 @@ export class Agent {
             throw new ProviderError(this.config.llm.provider || 'unknown', err, "Agent initialization failed");
         }
     }
-    async chat(message) {
+    async chat(message, extraUsage) {
         if (!this.provider) {
             throw new Error("Agent not initialized. Call initialize() first.");
         }
@@ -49,7 +52,70 @@ export class Agent {
         try {
             this.display.log('Processing message...', { source: 'Agent' });
             const userMessage = new HumanMessage(message);
-            const systemMessage = new SystemMessage(`You are ${this.config.agent.name}, ${this.config.agent.personality}. You are a personal dev assistent.`);
+            // Attach extra usage (e.g. from Audio) to the user message to be persisted
+            if (extraUsage) {
+                userMessage.usage_metadata = extraUsage;
+            }
+            const systemMessage = new SystemMessage(`You are ${this.config.agent.name}, ${this.config.agent.personality},a local AI operator responsible for orchestrating tools, MCPs, and language models to solve the user’s request accurately and reliably.
+
+          Your primary responsibility is NOT to answer from memory when external tools are available.
+
+          You must follow these rules strictly:
+
+          1. Tool Evaluation First
+          Before generating a final answer, always evaluate whether any available tool or MCP is capable of providing a more accurate, up-to-date, or authoritative response.
+
+          If a tool can provide the answer, you MUST call the tool.
+
+          2. No Historical Assumptions for Dynamic Data
+          If the user asks something that:
+          - may change over time
+          - depends on system state
+          - depends on filesystem
+          - depends on external APIs
+          - was previously asked in the conversation
+
+          You MUST NOT reuse previous outputs as final truth.
+
+          Instead:
+          - Re-evaluate available tools
+          - Re-execute the relevant tool
+          - Provide a fresh result
+
+          Even if the user already asked the same question before, you must treat the request as requiring a new verification.
+
+          3. History Is Context, Not Source of Truth
+          Conversation history may help with context, but it must not replace real-time verification via tools when tools are available.
+
+          Never assume:
+          - System state
+          - File contents
+          - Database values
+          - API responses
+          based only on previous messages.
+
+          4. Tool Priority Over Language Guessing
+          If a tool can compute, fetch, inspect, or verify something, prefer tool usage over generating a speculative answer.
+
+          Never hallucinate values that could be retrieved through a tool.
+
+          5. Freshness Principle
+          Repeated user queries require fresh validation.
+          Do not respond with:
+          "As I said before..."
+          Instead, perform a new tool check if applicable.
+
+          6. Final Answer Policy
+          Only provide a direct natural language answer if:
+          - No tool is relevant
+          - Tools are unavailable
+          - The question is conceptual or explanatory
+
+          Otherwise, use tools first.
+
+          You are an operator, not a guesser.
+          Accuracy is more important than speed.
+      `);
             // Load existing history from database
             const previousMessages = await this.history.getMessages();
             const messages = [
@@ -57,13 +123,22 @@ export class Agent {
                 ...previousMessages,
                 userMessage
             ];
-            const response = await this.provider.invoke(messages);
-            const content = typeof response.content === 'string' ? response.content : JSON.stringify(response.content);
-            // Persist messages to database
+            const response = await this.provider.invoke({ messages });
+            // Identify new messages generated during the interaction
+            // The `messages` array passed to invoke had length `messages.length`
+            // The `response.messages` contains the full state.
+            // New messages start after the inputs.
+            const startNewMessagesIndex = messages.length;
+            const newGeneratedMessages = response.messages.slice(startNewMessagesIndex);
+            // Persist User Message first
             await this.history.addMessage(userMessage);
-            await this.history.addMessage(new AIMessage(content));
+            // Persist all new intermediate tool calls and responses
+            for (const msg of newGeneratedMessages) {
+                await this.history.addMessage(msg);
+            }
             this.display.log('Response generated.', { source: 'Agent' });
-            return content;
+            const lastMessage = response.messages[response.messages.length - 1];
+            return (typeof lastMessage.content === 'string') ? lastMessage.content : JSON.stringify(lastMessage.content);
         }
         catch (err) {
             throw new ProviderError(this.config.llm.provider, err, "Chat request failed");

package/dist/runtime/audio-agent.js

@@ -32,7 +32,17 @@ export class AudioAgent {
             if (!text) {
                 throw new Error('No transcription generated');
             }
-            return text;
+            // Extract usage metadata
+            const usage = response.usageMetadata;
+            const usageMetadata = {
+                input_tokens: usage?.promptTokenCount ?? 0,
+                output_tokens: usage?.candidatesTokenCount ?? 0,
+                total_tokens: usage?.totalTokenCount ?? 0,
+                input_token_details: {
+                    cache_read: usage?.cachedContentTokenCount ?? 0
+                }
+            };
+            return { text, usage: usageMetadata };
         }
         catch (error) {
             // Wrap error for clarity

package/dist/runtime/display.js

@@ -83,6 +83,18 @@ export class DisplayManager {
             else if (options.source === 'AgentAudio') {
                 color = chalk.hex('#b902b9');
             }
+            else if (options.source === 'ToolsFactory') {
+                color = chalk.hex('#806d00');
+            }
+            else if (options.source === 'MCPServer') {
+                color = chalk.hex('#be4b1d');
+            }
+            else if (options.source === 'ToolCall') {
+                color = chalk.hex('#e5ff00');
+            }
+            else if (options.source === 'Config') {
+                color = chalk.hex('#00c3ff');
+            }
             prefix = color(`[${options.source}] `);
         }
         let formattedMessage = message;