npm - mstro-app - Versions diffs - 0.1.47 - Mend

mstro-app 0.1.47

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (213) hide show

package/LICENSE +21 -0
package/README.md +177 -0
package/bin/commands/config.js +145 -0
package/bin/commands/login.js +313 -0
package/bin/commands/logout.js +75 -0
package/bin/commands/status.js +197 -0
package/bin/commands/whoami.js +161 -0
package/bin/configure-claude.js +298 -0
package/bin/mstro.js +581 -0
package/bin/postinstall.js +45 -0
package/bin/release.sh +110 -0
package/dist/server/cli/headless/claude-invoker.d.ts +17 -0
package/dist/server/cli/headless/claude-invoker.d.ts.map +1 -0
package/dist/server/cli/headless/claude-invoker.js +311 -0
package/dist/server/cli/headless/claude-invoker.js.map +1 -0
package/dist/server/cli/headless/index.d.ts +13 -0
package/dist/server/cli/headless/index.d.ts.map +1 -0
package/dist/server/cli/headless/index.js +10 -0
package/dist/server/cli/headless/index.js.map +1 -0
package/dist/server/cli/headless/mcp-config.d.ts +11 -0
package/dist/server/cli/headless/mcp-config.d.ts.map +1 -0
package/dist/server/cli/headless/mcp-config.js +76 -0
package/dist/server/cli/headless/mcp-config.js.map +1 -0
package/dist/server/cli/headless/output-utils.d.ts +33 -0
package/dist/server/cli/headless/output-utils.d.ts.map +1 -0
package/dist/server/cli/headless/output-utils.js +101 -0
package/dist/server/cli/headless/output-utils.js.map +1 -0
package/dist/server/cli/headless/prompt-utils.d.ts +21 -0
package/dist/server/cli/headless/prompt-utils.d.ts.map +1 -0
package/dist/server/cli/headless/prompt-utils.js +84 -0
package/dist/server/cli/headless/prompt-utils.js.map +1 -0
package/dist/server/cli/headless/runner.d.ts +24 -0
package/dist/server/cli/headless/runner.d.ts.map +1 -0
package/dist/server/cli/headless/runner.js +99 -0
package/dist/server/cli/headless/runner.js.map +1 -0
package/dist/server/cli/headless/types.d.ts +106 -0
package/dist/server/cli/headless/types.d.ts.map +1 -0
package/dist/server/cli/headless/types.js +4 -0
package/dist/server/cli/headless/types.js.map +1 -0
package/dist/server/cli/improvisation-session-manager.d.ts +155 -0
package/dist/server/cli/improvisation-session-manager.d.ts.map +1 -0
package/dist/server/cli/improvisation-session-manager.js +415 -0
package/dist/server/cli/improvisation-session-manager.js.map +1 -0
package/dist/server/index.d.ts +2 -0
package/dist/server/index.d.ts.map +1 -0
package/dist/server/index.js +386 -0
package/dist/server/index.js.map +1 -0
package/dist/server/mcp/bouncer-cli.d.ts +3 -0
package/dist/server/mcp/bouncer-cli.d.ts.map +1 -0
package/dist/server/mcp/bouncer-cli.js +99 -0
package/dist/server/mcp/bouncer-cli.js.map +1 -0
package/dist/server/mcp/bouncer-integration.d.ts +36 -0
package/dist/server/mcp/bouncer-integration.d.ts.map +1 -0
package/dist/server/mcp/bouncer-integration.js +301 -0
package/dist/server/mcp/bouncer-integration.js.map +1 -0
package/dist/server/mcp/security-audit.d.ts +52 -0
package/dist/server/mcp/security-audit.d.ts.map +1 -0
package/dist/server/mcp/security-audit.js +118 -0
package/dist/server/mcp/security-audit.js.map +1 -0
package/dist/server/mcp/security-patterns.d.ts +73 -0
package/dist/server/mcp/security-patterns.d.ts.map +1 -0
package/dist/server/mcp/security-patterns.js +247 -0
package/dist/server/mcp/security-patterns.js.map +1 -0
package/dist/server/mcp/server.d.ts +3 -0
package/dist/server/mcp/server.d.ts.map +1 -0
package/dist/server/mcp/server.js +146 -0
package/dist/server/mcp/server.js.map +1 -0
package/dist/server/routes/files.d.ts +9 -0
package/dist/server/routes/files.d.ts.map +1 -0
package/dist/server/routes/files.js +24 -0
package/dist/server/routes/files.js.map +1 -0
package/dist/server/routes/improvise.d.ts +3 -0
package/dist/server/routes/improvise.d.ts.map +1 -0
package/dist/server/routes/improvise.js +72 -0
package/dist/server/routes/improvise.js.map +1 -0
package/dist/server/routes/index.d.ts +10 -0
package/dist/server/routes/index.d.ts.map +1 -0
package/dist/server/routes/index.js +12 -0
package/dist/server/routes/index.js.map +1 -0
package/dist/server/routes/instances.d.ts +10 -0
package/dist/server/routes/instances.d.ts.map +1 -0
package/dist/server/routes/instances.js +47 -0
package/dist/server/routes/instances.js.map +1 -0
package/dist/server/routes/notifications.d.ts +3 -0
package/dist/server/routes/notifications.d.ts.map +1 -0
package/dist/server/routes/notifications.js +136 -0
package/dist/server/routes/notifications.js.map +1 -0
package/dist/server/services/analytics.d.ts +56 -0
package/dist/server/services/analytics.d.ts.map +1 -0
package/dist/server/services/analytics.js +240 -0
package/dist/server/services/analytics.js.map +1 -0
package/dist/server/services/auth.d.ts +26 -0
package/dist/server/services/auth.d.ts.map +1 -0
package/dist/server/services/auth.js +71 -0
package/dist/server/services/auth.js.map +1 -0
package/dist/server/services/client-id.d.ts +10 -0
package/dist/server/services/client-id.d.ts.map +1 -0
package/dist/server/services/client-id.js +61 -0
package/dist/server/services/client-id.js.map +1 -0
package/dist/server/services/credentials.d.ts +39 -0
package/dist/server/services/credentials.d.ts.map +1 -0
package/dist/server/services/credentials.js +110 -0
package/dist/server/services/credentials.js.map +1 -0
package/dist/server/services/files.d.ts +119 -0
package/dist/server/services/files.d.ts.map +1 -0
package/dist/server/services/files.js +560 -0
package/dist/server/services/files.js.map +1 -0
package/dist/server/services/instances.d.ts +52 -0
package/dist/server/services/instances.d.ts.map +1 -0
package/dist/server/services/instances.js +241 -0
package/dist/server/services/instances.js.map +1 -0
package/dist/server/services/pathUtils.d.ts +47 -0
package/dist/server/services/pathUtils.d.ts.map +1 -0
package/dist/server/services/pathUtils.js +124 -0
package/dist/server/services/pathUtils.js.map +1 -0
package/dist/server/services/platform.d.ts +72 -0
package/dist/server/services/platform.d.ts.map +1 -0
package/dist/server/services/platform.js +368 -0
package/dist/server/services/platform.js.map +1 -0
package/dist/server/services/sentry.d.ts +5 -0
package/dist/server/services/sentry.d.ts.map +1 -0
package/dist/server/services/sentry.js +71 -0
package/dist/server/services/sentry.js.map +1 -0
package/dist/server/services/terminal/pty-manager.d.ts +149 -0
package/dist/server/services/terminal/pty-manager.d.ts.map +1 -0
package/dist/server/services/terminal/pty-manager.js +377 -0
package/dist/server/services/terminal/pty-manager.js.map +1 -0
package/dist/server/services/terminal/tmux-manager.d.ts +82 -0
package/dist/server/services/terminal/tmux-manager.d.ts.map +1 -0
package/dist/server/services/terminal/tmux-manager.js +352 -0
package/dist/server/services/terminal/tmux-manager.js.map +1 -0
package/dist/server/services/websocket/autocomplete.d.ts +50 -0
package/dist/server/services/websocket/autocomplete.d.ts.map +1 -0
package/dist/server/services/websocket/autocomplete.js +361 -0
package/dist/server/services/websocket/autocomplete.js.map +1 -0
package/dist/server/services/websocket/file-utils.d.ts +44 -0
package/dist/server/services/websocket/file-utils.d.ts.map +1 -0
package/dist/server/services/websocket/file-utils.js +272 -0
package/dist/server/services/websocket/file-utils.js.map +1 -0
package/dist/server/services/websocket/handler.d.ts +246 -0
package/dist/server/services/websocket/handler.d.ts.map +1 -0
package/dist/server/services/websocket/handler.js +1771 -0
package/dist/server/services/websocket/handler.js.map +1 -0
package/dist/server/services/websocket/index.d.ts +11 -0
package/dist/server/services/websocket/index.d.ts.map +1 -0
package/dist/server/services/websocket/index.js +14 -0
package/dist/server/services/websocket/index.js.map +1 -0
package/dist/server/services/websocket/types.d.ts +214 -0
package/dist/server/services/websocket/types.d.ts.map +1 -0
package/dist/server/services/websocket/types.js +4 -0
package/dist/server/services/websocket/types.js.map +1 -0
package/dist/server/utils/agent-manager.d.ts +69 -0
package/dist/server/utils/agent-manager.d.ts.map +1 -0
package/dist/server/utils/agent-manager.js +269 -0
package/dist/server/utils/agent-manager.js.map +1 -0
package/dist/server/utils/paths.d.ts +25 -0
package/dist/server/utils/paths.d.ts.map +1 -0
package/dist/server/utils/paths.js +38 -0
package/dist/server/utils/paths.js.map +1 -0
package/dist/server/utils/port-manager.d.ts +10 -0
package/dist/server/utils/port-manager.d.ts.map +1 -0
package/dist/server/utils/port-manager.js +60 -0
package/dist/server/utils/port-manager.js.map +1 -0
package/dist/server/utils/port.d.ts +26 -0
package/dist/server/utils/port.d.ts.map +1 -0
package/dist/server/utils/port.js +83 -0
package/dist/server/utils/port.js.map +1 -0
package/hooks/bouncer.sh +138 -0
package/package.json +74 -0
package/server/README.md +191 -0
package/server/cli/headless/claude-invoker.ts +415 -0
package/server/cli/headless/index.ts +39 -0
package/server/cli/headless/mcp-config.ts +87 -0
package/server/cli/headless/output-utils.ts +109 -0
package/server/cli/headless/prompt-utils.ts +108 -0
package/server/cli/headless/runner.ts +133 -0
package/server/cli/headless/types.ts +118 -0
package/server/cli/improvisation-session-manager.ts +531 -0
package/server/index.ts +456 -0
package/server/mcp/README.md +122 -0
package/server/mcp/bouncer-cli.ts +127 -0
package/server/mcp/bouncer-integration.ts +430 -0
package/server/mcp/security-audit.ts +180 -0
package/server/mcp/security-patterns.ts +290 -0
package/server/mcp/server.ts +174 -0
package/server/routes/files.ts +29 -0
package/server/routes/improvise.ts +82 -0
package/server/routes/index.ts +13 -0
package/server/routes/instances.ts +54 -0
package/server/routes/notifications.ts +158 -0
package/server/services/analytics.ts +277 -0
package/server/services/auth.ts +80 -0
package/server/services/client-id.ts +68 -0
package/server/services/credentials.ts +134 -0
package/server/services/files.ts +710 -0
package/server/services/instances.ts +275 -0
package/server/services/pathUtils.ts +158 -0
package/server/services/platform.test.ts +1314 -0
package/server/services/platform.ts +435 -0
package/server/services/sentry.ts +81 -0
package/server/services/terminal/pty-manager.ts +464 -0
package/server/services/terminal/tmux-manager.ts +426 -0
package/server/services/websocket/autocomplete.ts +438 -0
package/server/services/websocket/file-utils.ts +305 -0
package/server/services/websocket/handler.test.ts +20 -0
package/server/services/websocket/handler.ts +2047 -0
package/server/services/websocket/index.ts +40 -0
package/server/services/websocket/types.ts +339 -0
package/server/tsconfig.json +19 -0
package/server/utils/agent-manager.ts +323 -0
package/server/utils/paths.ts +45 -0
package/server/utils/port-manager.ts +70 -0
package/server/utils/port.ts +102 -0

package/hooks/bouncer.sh ADDED Viewed

@@ -0,0 +1,138 @@
+#!/usr/bin/env bash
+# Copyright (c) 2025-present Mstro, Inc. All rights reserved.
+# Licensed under the MIT License. See LICENSE file for details.
+#
+# Mstro Bouncer Gate - Claude Code Hook
+#
+# This hook intercepts Claude Code tool calls and routes them through
+# the Mstro bouncer for security analysis before execution.
+#
+# Installation:
+#   Run: npx mstro --configure-hooks
+#
+# Dependencies: Node.js (no jq or bun required)
+#
+set -euo pipefail
+# Configuration - MSTRO_BOUNCER_CLI is set by configure-claude.js
+BOUNCER_CLI="${MSTRO_BOUNCER_CLI:-}"
+BOUNCER_TIMEOUT="${BOUNCER_TIMEOUT:-10}"
+BOUNCER_LOG="${BOUNCER_LOG:-$HOME/.claude/logs/bouncer.log}"
+# Ensure log directory exists
+mkdir -p "$(dirname "$BOUNCER_LOG")"
+# Read hook input from stdin (JSON format from Claude Code)
+INPUT=$(cat)
+# Use Node.js inline to parse JSON and handle logic (eliminates jq dependency)
+RESULT=$(node --input-type=module -e "
+import { spawn } from 'child_process';
+import { appendFileSync } from 'fs';
+const input = JSON.parse(process.argv[1]);
+const bouncerCli = process.argv[2];
+const timeout = parseInt(process.argv[3], 10) * 1000;
+const logFile = process.argv[4];
+const toolName = input.tool_name || input.toolName || 'unknown';
+const toolInput = input.input || input.toolInput || {};
+function log(msg) {
+  const timestamp = new Date().toISOString();
+  appendFileSync(logFile, \`[\${timestamp}] \${msg}\n\`);
+}
+function output(decision, reason) {
+  console.log(JSON.stringify({ decision, reason }));
+}
+// Quick path for read-only operations
+const readOnlyOps = ['Read', 'Glob', 'Grep', 'Search', 'List', 'WebFetch', 'WebSearch'];
+if (readOnlyOps.includes(toolName)) {
+  output('allow', 'Read-only operation');
+  process.exit(0);
+}
+// Build operation string for logging
+let operation = toolName + ': ';
+if (toolName === 'Bash' && toolInput.command) {
+  operation += toolInput.command;
+} else if (['Write', 'Edit'].includes(toolName)) {
+  operation += toolInput.file_path || toolInput.filePath || toolInput.path || JSON.stringify(toolInput);
+} else {
+  operation += JSON.stringify(toolInput);
+}
+log('Analyzing: ' + toolName);
+// Check if bouncer CLI is available
+if (bouncerCli) {
+  try {
+    const child = spawn('node', [bouncerCli], {
+      stdio: ['pipe', 'pipe', 'pipe'],
+      timeout: timeout
+    });
+    let stdout = '';
+    let stderr = '';
+    child.stdout.on('data', (data) => { stdout += data; });
+    child.stderr.on('data', (data) => { stderr += data; });
+    child.stdin.write(JSON.stringify(input));
+    child.stdin.end();
+    child.on('close', (code) => {
+      if (stderr) log('Bouncer stderr: ' + stderr);
+      if (code === 0 && stdout.trim()) {
+        try {
+          const result = JSON.parse(stdout.trim());
+          log(result.decision + ': ' + operation + ' - ' + (result.reason || ''));
+          console.log(stdout.trim());
+        } catch {
+          log('allow (parse error): ' + operation);
+          output('allow', 'Bouncer response parse error, allowing');
+        }
+      } else {
+        log('allow (bouncer error): ' + operation);
+        output('allow', 'Bouncer error, allowing');
+      }
+    });
+    child.on('error', (err) => {
+      log('allow (spawn error): ' + operation + ' - ' + err.message);
+      output('allow', 'Bouncer spawn error, allowing');
+    });
+  } catch (err) {
+    log('allow (exception): ' + operation + ' - ' + err.message);
+    output('allow', 'Bouncer exception, allowing');
+  }
+} else {
+  // Fallback: critical threat pattern matching only
+  const criticalPatterns = [
+    { pattern: /rm\s+-rf\s+(\/|~)(\$|\s)/, reason: 'Critical threat: recursive delete of root or home' },
+    { pattern: /:\(\)\{.*\}|:\(\)\{.*:\|:/, reason: 'Critical threat: fork bomb detected' },
+    { pattern: /dd\s+if=\/dev\/zero\s+of=\/dev\/sd/, reason: 'Critical threat: disk overwrite' },
+    { pattern: /mkfs\s+\/dev\/sd/, reason: 'Critical threat: filesystem format' },
+    { pattern: />\s*\/dev\/sd/, reason: 'Critical threat: direct disk write' },
+  ];
+  for (const { pattern, reason } of criticalPatterns) {
+    if (pattern.test(operation)) {
+      log('DENIED: ' + operation + ' - ' + reason);
+      output('deny', reason);
+      process.exit(0);
+    }
+  }
+  log('allow (fallback): ' + operation);
+  output('allow', 'Basic pattern check passed');
+}
+" "$INPUT" "$BOUNCER_CLI" "$BOUNCER_TIMEOUT" "$BOUNCER_LOG" 2>> "$BOUNCER_LOG")
+echo "$RESULT"

package/package.json ADDED Viewed

@@ -0,0 +1,74 @@
+{
+  "name": "mstro-app",
+  "version": "0.1.47",
+  "description": "No-code AI assistant - run Claude Code workflows from your laptop, cloud VM, or any machine",
+  "type": "module",
+  "license": "MIT",
+  "author": "Mstro",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/mstro-app/mstro.git"
+  },
+  "homepage": "https://mstro.app",
+  "keywords": [
+    "cli",
+    "ai",
+    "claude",
+    "anthropic",
+    "orchestration",
+    "workflow",
+    "mcp",
+    "automation"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "bin": {
+    "mstro": "./bin/mstro.js"
+  },
+  "files": [
+    "bin/",
+    "server/",
+    "hooks/",
+    "dist/",
+    "!**/*.backup",
+    "!**/*.bak",
+    "!**/.env",
+    "!**/.env.*"
+  ],
+  "scripts": {
+    "postinstall": "node bin/postinstall.js",
+    "build": "tsc -p tsconfig.build.json",
+    "dev": "tsx server/index.ts",
+    "dev:mcp": "tsx server/mcp/server.ts",
+    "start": "NODE_ENV=production tsx server/index.ts",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
+    "prepublishOnly": "npm run build && npm test",
+    "mstro": "node bin/mstro.js",
+    "mstro:dev": "node bin/mstro.js --dev",
+    "check": "tsc -p tsconfig.build.json && vitest run && biome check ."
+  },
+  "dependencies": {
+    "@hono/node-server": "^1.19.6",
+    "@modelcontextprotocol/sdk": "^1.21.1",
+    "@sentry/node": "^10.38.0",
+    "fuse.js": "^7.1.0",
+    "hono": "^4.10.6",
+    "posthog-node": "^5.21.2",
+    "tsx": "^4.21.0",
+    "update-notifier": "^7.3.1",
+    "ws": "^8.18.0"
+  },
+  "optionalDependencies": {
+    "node-pty": "^1.1.0"
+  },
+  "devDependencies": {
+    "@biomejs/biome": "^2.3.13",
+    "@types/node": "^24.10.7",
+    "@types/ws": "^8.18.1",
+    "typescript": "~5.9.3",
+    "vitest": "4.0.18"
+  }
+}

package/server/README.md ADDED Viewed

@@ -0,0 +1,191 @@
+# Mstro v2 Server - Modern Hono Implementation
+## Overview
+This is a modernized server implementation for Mstro v2, built with **Hono** - a lightweight, fast, and type-safe web framework.
+### Why Hono?
+Migrating from Express (mstro-v1) to Hono provides:
+- **Modern & Fast**: Built for edge computing with minimal overhead (~12KB vs Express's much larger footprint)
+- **TypeScript-first**: Excellent type inference for routes and context
+- **Web Standards**: Built on Web APIs (Request/Response objects)
+- **Cleaner Code**: Less boilerplate, more declarative than Express
+- **Future-proof**: Works with Node.js, Bun, Deno, and Cloudflare Workers
+- **Better Performance**: Significantly faster routing and middleware execution
+## Architecture
+```
+server/
+├── index.ts              # Main server entry point
+├── types.ts              # TypeScript type definitions
+├── services/
+│   └── scores.ts         # Score management service
+└── tsconfig.json         # TypeScript configuration
+```
+## Running the Server
+### Development Mode
+```bash
+npm run dev:server
+```
+The server will start on port `3001` by default. You can change this by setting the `PORT` environment variable:
+```bash
+PORT=8080 npm run dev:server
+```
+## API Endpoints
+### Health & Configuration
+- **GET** `/health` - Health check endpoint
+  ```json
+  {
+    "status": "ok",
+    "timestamp": "2025-11-14T14:45:42.425Z",
+    "version": "2.0.0",
+    "framework": "Hono"
+  }
+  ```
+- **GET** `/api/config` - Server configuration
+  ```json
+  {
+    "lockWithPin": false,
+    "version": "2.0.0",
+    "framework": "Hono"
+  }
+  ```
+### Scores Management
+- **GET** `/api/scores` - List all scores (local, global, examples)
+  ```json
+  {
+    "scores": {
+      "localScores": [...],
+      "globalScores": [...],
+      "exampleScores": [...]
+    }
+  }
+  ```
+- **GET** `/api/scores/:filename` - Get a specific local score
+- **GET** `/api/scores/examples/:filename` - Get a specific example score
+- **GET** `/api/scores/global/:filename` - Get a specific global score
+- **POST** `/api/scores` - Save a new score
+  ```json
+  {
+    "metadata": {
+      "name": "My Score",
+      "version": "1.0.0",
+      "description": "Score description"
+    },
+    "config": {
+      "defaultModel": "sonnet"
+    },
+    "movements": [...],
+    "entryPoint": "step1"
+  }
+  ```
+## Middleware Stack
+1. **CORS** - Cross-origin resource sharing enabled for all routes
+2. **Logger** - HTTP request logging for debugging
+3. **Error Handling** - Centralized error handling with proper status codes
+## Testing
+### Manual Testing
+```bash
+# Health check
+curl http://localhost:3001/health
+# List scores
+curl http://localhost:3001/api/scores
+# Get specific score
+curl http://localhost:3001/api/scores/my-score.json
+# Save a score
+curl -X POST http://localhost:3001/api/scores \
+  -H "Content-Type: application/json" \
+  -d @score.json
+```
+## Migration Status
+### ✅ Completed
+- [x] Health check endpoint
+- [x] Configuration endpoint
+- [x] List all scores (local, global, examples)
+- [x] Get specific score by filename and type
+- [x] Save new scores
+### 🔄 To Be Migrated
+- [ ] Execute score endpoints
+- [ ] WebSocket for improvise sessions
+- [ ] Instances management
+- [ ] Git integration endpoints
+- [ ] Authentication/PIN management
+- [ ] File autocomplete endpoint
+- [ ] Score generation with AI (streaming)
+## Type Safety
+All routes are fully typed using TypeScript. The `OrchestraScore` type ensures consistency across the entire application:
+```typescript
+interface OrchestraScore {
+  metadata: {
+    name: string
+    version: string
+    description?: string
+    // ...
+  }
+  movements: Movement[]
+  entryPoint: string
+}
+```
+## Performance Comparison
+Hono vs Express benchmarks (approximate):
+- **Routing**: ~3-4x faster
+- **JSON parsing**: ~2x faster
+- **Memory footprint**: ~60% smaller
+- **Bundle size**: ~95% smaller
+## Next Steps
+1. **Add WebSocket support** for real-time improvise sessions
+2. **Implement streaming endpoints** for score generation
+3. **Add authentication middleware** for PIN-based security
+4. **Set up rate limiting** for production use
+5. **Consider Bun runtime** for even better performance
+## Compatibility
+- Node.js 18+ (ESM modules)
+- TypeScript 5.9+
+- Compatible with the existing mstro-v1 client (same API surface)
+## MCP Server
+The MCP bouncer server is now integrated into mstro-v2 at `server/mcp/`. Start it with:
+```bash
+npm run dev:mcp
+# or
+bun run server/mcp/server.ts
+```
+The server provides security analysis for Claude Code tool use via the Model Context Protocol.