npm - mstro-app - Versions diffs - 0.1.47 - Mend

mstro-app 0.1.47

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (213) hide show

package/LICENSE +21 -0
package/README.md +177 -0
package/bin/commands/config.js +145 -0
package/bin/commands/login.js +313 -0
package/bin/commands/logout.js +75 -0
package/bin/commands/status.js +197 -0
package/bin/commands/whoami.js +161 -0
package/bin/configure-claude.js +298 -0
package/bin/mstro.js +581 -0
package/bin/postinstall.js +45 -0
package/bin/release.sh +110 -0
package/dist/server/cli/headless/claude-invoker.d.ts +17 -0
package/dist/server/cli/headless/claude-invoker.d.ts.map +1 -0
package/dist/server/cli/headless/claude-invoker.js +311 -0
package/dist/server/cli/headless/claude-invoker.js.map +1 -0
package/dist/server/cli/headless/index.d.ts +13 -0
package/dist/server/cli/headless/index.d.ts.map +1 -0
package/dist/server/cli/headless/index.js +10 -0
package/dist/server/cli/headless/index.js.map +1 -0
package/dist/server/cli/headless/mcp-config.d.ts +11 -0
package/dist/server/cli/headless/mcp-config.d.ts.map +1 -0
package/dist/server/cli/headless/mcp-config.js +76 -0
package/dist/server/cli/headless/mcp-config.js.map +1 -0
package/dist/server/cli/headless/output-utils.d.ts +33 -0
package/dist/server/cli/headless/output-utils.d.ts.map +1 -0
package/dist/server/cli/headless/output-utils.js +101 -0
package/dist/server/cli/headless/output-utils.js.map +1 -0
package/dist/server/cli/headless/prompt-utils.d.ts +21 -0
package/dist/server/cli/headless/prompt-utils.d.ts.map +1 -0
package/dist/server/cli/headless/prompt-utils.js +84 -0
package/dist/server/cli/headless/prompt-utils.js.map +1 -0
package/dist/server/cli/headless/runner.d.ts +24 -0
package/dist/server/cli/headless/runner.d.ts.map +1 -0
package/dist/server/cli/headless/runner.js +99 -0
package/dist/server/cli/headless/runner.js.map +1 -0
package/dist/server/cli/headless/types.d.ts +106 -0
package/dist/server/cli/headless/types.d.ts.map +1 -0
package/dist/server/cli/headless/types.js +4 -0
package/dist/server/cli/headless/types.js.map +1 -0
package/dist/server/cli/improvisation-session-manager.d.ts +155 -0
package/dist/server/cli/improvisation-session-manager.d.ts.map +1 -0
package/dist/server/cli/improvisation-session-manager.js +415 -0
package/dist/server/cli/improvisation-session-manager.js.map +1 -0
package/dist/server/index.d.ts +2 -0
package/dist/server/index.d.ts.map +1 -0
package/dist/server/index.js +386 -0
package/dist/server/index.js.map +1 -0
package/dist/server/mcp/bouncer-cli.d.ts +3 -0
package/dist/server/mcp/bouncer-cli.d.ts.map +1 -0
package/dist/server/mcp/bouncer-cli.js +99 -0
package/dist/server/mcp/bouncer-cli.js.map +1 -0
package/dist/server/mcp/bouncer-integration.d.ts +36 -0
package/dist/server/mcp/bouncer-integration.d.ts.map +1 -0
package/dist/server/mcp/bouncer-integration.js +301 -0
package/dist/server/mcp/bouncer-integration.js.map +1 -0
package/dist/server/mcp/security-audit.d.ts +52 -0
package/dist/server/mcp/security-audit.d.ts.map +1 -0
package/dist/server/mcp/security-audit.js +118 -0
package/dist/server/mcp/security-audit.js.map +1 -0
package/dist/server/mcp/security-patterns.d.ts +73 -0
package/dist/server/mcp/security-patterns.d.ts.map +1 -0
package/dist/server/mcp/security-patterns.js +247 -0
package/dist/server/mcp/security-patterns.js.map +1 -0
package/dist/server/mcp/server.d.ts +3 -0
package/dist/server/mcp/server.d.ts.map +1 -0
package/dist/server/mcp/server.js +146 -0
package/dist/server/mcp/server.js.map +1 -0
package/dist/server/routes/files.d.ts +9 -0
package/dist/server/routes/files.d.ts.map +1 -0
package/dist/server/routes/files.js +24 -0
package/dist/server/routes/files.js.map +1 -0
package/dist/server/routes/improvise.d.ts +3 -0
package/dist/server/routes/improvise.d.ts.map +1 -0
package/dist/server/routes/improvise.js +72 -0
package/dist/server/routes/improvise.js.map +1 -0
package/dist/server/routes/index.d.ts +10 -0
package/dist/server/routes/index.d.ts.map +1 -0
package/dist/server/routes/index.js +12 -0
package/dist/server/routes/index.js.map +1 -0
package/dist/server/routes/instances.d.ts +10 -0
package/dist/server/routes/instances.d.ts.map +1 -0
package/dist/server/routes/instances.js +47 -0
package/dist/server/routes/instances.js.map +1 -0
package/dist/server/routes/notifications.d.ts +3 -0
package/dist/server/routes/notifications.d.ts.map +1 -0
package/dist/server/routes/notifications.js +136 -0
package/dist/server/routes/notifications.js.map +1 -0
package/dist/server/services/analytics.d.ts +56 -0
package/dist/server/services/analytics.d.ts.map +1 -0
package/dist/server/services/analytics.js +240 -0
package/dist/server/services/analytics.js.map +1 -0
package/dist/server/services/auth.d.ts +26 -0
package/dist/server/services/auth.d.ts.map +1 -0
package/dist/server/services/auth.js +71 -0
package/dist/server/services/auth.js.map +1 -0
package/dist/server/services/client-id.d.ts +10 -0
package/dist/server/services/client-id.d.ts.map +1 -0
package/dist/server/services/client-id.js +61 -0
package/dist/server/services/client-id.js.map +1 -0
package/dist/server/services/credentials.d.ts +39 -0
package/dist/server/services/credentials.d.ts.map +1 -0
package/dist/server/services/credentials.js +110 -0
package/dist/server/services/credentials.js.map +1 -0
package/dist/server/services/files.d.ts +119 -0
package/dist/server/services/files.d.ts.map +1 -0
package/dist/server/services/files.js +560 -0
package/dist/server/services/files.js.map +1 -0
package/dist/server/services/instances.d.ts +52 -0
package/dist/server/services/instances.d.ts.map +1 -0
package/dist/server/services/instances.js +241 -0
package/dist/server/services/instances.js.map +1 -0
package/dist/server/services/pathUtils.d.ts +47 -0
package/dist/server/services/pathUtils.d.ts.map +1 -0
package/dist/server/services/pathUtils.js +124 -0
package/dist/server/services/pathUtils.js.map +1 -0
package/dist/server/services/platform.d.ts +72 -0
package/dist/server/services/platform.d.ts.map +1 -0
package/dist/server/services/platform.js +368 -0
package/dist/server/services/platform.js.map +1 -0
package/dist/server/services/sentry.d.ts +5 -0
package/dist/server/services/sentry.d.ts.map +1 -0
package/dist/server/services/sentry.js +71 -0
package/dist/server/services/sentry.js.map +1 -0
package/dist/server/services/terminal/pty-manager.d.ts +149 -0
package/dist/server/services/terminal/pty-manager.d.ts.map +1 -0
package/dist/server/services/terminal/pty-manager.js +377 -0
package/dist/server/services/terminal/pty-manager.js.map +1 -0
package/dist/server/services/terminal/tmux-manager.d.ts +82 -0
package/dist/server/services/terminal/tmux-manager.d.ts.map +1 -0
package/dist/server/services/terminal/tmux-manager.js +352 -0
package/dist/server/services/terminal/tmux-manager.js.map +1 -0
package/dist/server/services/websocket/autocomplete.d.ts +50 -0
package/dist/server/services/websocket/autocomplete.d.ts.map +1 -0
package/dist/server/services/websocket/autocomplete.js +361 -0
package/dist/server/services/websocket/autocomplete.js.map +1 -0
package/dist/server/services/websocket/file-utils.d.ts +44 -0
package/dist/server/services/websocket/file-utils.d.ts.map +1 -0
package/dist/server/services/websocket/file-utils.js +272 -0
package/dist/server/services/websocket/file-utils.js.map +1 -0
package/dist/server/services/websocket/handler.d.ts +246 -0
package/dist/server/services/websocket/handler.d.ts.map +1 -0
package/dist/server/services/websocket/handler.js +1771 -0
package/dist/server/services/websocket/handler.js.map +1 -0
package/dist/server/services/websocket/index.d.ts +11 -0
package/dist/server/services/websocket/index.d.ts.map +1 -0
package/dist/server/services/websocket/index.js +14 -0
package/dist/server/services/websocket/index.js.map +1 -0
package/dist/server/services/websocket/types.d.ts +214 -0
package/dist/server/services/websocket/types.d.ts.map +1 -0
package/dist/server/services/websocket/types.js +4 -0
package/dist/server/services/websocket/types.js.map +1 -0
package/dist/server/utils/agent-manager.d.ts +69 -0
package/dist/server/utils/agent-manager.d.ts.map +1 -0
package/dist/server/utils/agent-manager.js +269 -0
package/dist/server/utils/agent-manager.js.map +1 -0
package/dist/server/utils/paths.d.ts +25 -0
package/dist/server/utils/paths.d.ts.map +1 -0
package/dist/server/utils/paths.js +38 -0
package/dist/server/utils/paths.js.map +1 -0
package/dist/server/utils/port-manager.d.ts +10 -0
package/dist/server/utils/port-manager.d.ts.map +1 -0
package/dist/server/utils/port-manager.js +60 -0
package/dist/server/utils/port-manager.js.map +1 -0
package/dist/server/utils/port.d.ts +26 -0
package/dist/server/utils/port.d.ts.map +1 -0
package/dist/server/utils/port.js +83 -0
package/dist/server/utils/port.js.map +1 -0
package/hooks/bouncer.sh +138 -0
package/package.json +74 -0
package/server/README.md +191 -0
package/server/cli/headless/claude-invoker.ts +415 -0
package/server/cli/headless/index.ts +39 -0
package/server/cli/headless/mcp-config.ts +87 -0
package/server/cli/headless/output-utils.ts +109 -0
package/server/cli/headless/prompt-utils.ts +108 -0
package/server/cli/headless/runner.ts +133 -0
package/server/cli/headless/types.ts +118 -0
package/server/cli/improvisation-session-manager.ts +531 -0
package/server/index.ts +456 -0
package/server/mcp/README.md +122 -0
package/server/mcp/bouncer-cli.ts +127 -0
package/server/mcp/bouncer-integration.ts +430 -0
package/server/mcp/security-audit.ts +180 -0
package/server/mcp/security-patterns.ts +290 -0
package/server/mcp/server.ts +174 -0
package/server/routes/files.ts +29 -0
package/server/routes/improvise.ts +82 -0
package/server/routes/index.ts +13 -0
package/server/routes/instances.ts +54 -0
package/server/routes/notifications.ts +158 -0
package/server/services/analytics.ts +277 -0
package/server/services/auth.ts +80 -0
package/server/services/client-id.ts +68 -0
package/server/services/credentials.ts +134 -0
package/server/services/files.ts +710 -0
package/server/services/instances.ts +275 -0
package/server/services/pathUtils.ts +158 -0
package/server/services/platform.test.ts +1314 -0
package/server/services/platform.ts +435 -0
package/server/services/sentry.ts +81 -0
package/server/services/terminal/pty-manager.ts +464 -0
package/server/services/terminal/tmux-manager.ts +426 -0
package/server/services/websocket/autocomplete.ts +438 -0
package/server/services/websocket/file-utils.ts +305 -0
package/server/services/websocket/handler.test.ts +20 -0
package/server/services/websocket/handler.ts +2047 -0
package/server/services/websocket/index.ts +40 -0
package/server/services/websocket/types.ts +339 -0
package/server/tsconfig.json +19 -0
package/server/utils/agent-manager.ts +323 -0
package/server/utils/paths.ts +45 -0
package/server/utils/port-manager.ts +70 -0
package/server/utils/port.ts +102 -0

package/server/routes/notifications.ts ADDED Viewed

@@ -0,0 +1,158 @@
+// Copyright (c) 2025-present Mstro, Inc. All rights reserved.
+// Licensed under the MIT License. See LICENSE file for details.
+/**
+ * Notification Routes
+ *
+ * Handles notification-related operations including AI-powered summary generation.
+ */
+import { spawn } from 'node:child_process'
+import { existsSync, mkdirSync, unlinkSync, writeFileSync } from 'node:fs'
+import { join } from 'node:path'
+import { Hono } from 'hono'
+export function createNotificationRoutes(workingDir: string) {
+  const routes = new Hono()
+  /**
+   * Generate a summary for browser notification using Claude Haiku
+   * POST /summarize
+   * Body: { prompt: string, output: string }
+   * Returns: { summary: string }
+   */
+  routes.post('/summarize', async (c) => {
+    try {
+      const body = await c.req.json()
+      const { prompt, output } = body
+      if (!prompt || !output) {
+        return c.json({ error: 'Missing required fields: prompt and output' }, 400)
+      }
+      const summary = await generateNotificationSummary(prompt, output, workingDir)
+      return c.json({ summary })
+    } catch (error) {
+      console.error('[Notifications] Error generating summary:', error)
+      // Return a fallback summary on error
+      return c.json({ summary: 'Task completed' })
+    }
+  })
+  return routes
+}
+/**
+ * Generate a notification summary using Claude Haiku
+ */
+async function generateNotificationSummary(
+  userPrompt: string,
+  output: string,
+  workingDir: string
+): Promise<string> {
+  return new Promise((resolve) => {
+    // Create temp directory if it doesn't exist
+    const tempDir = join(workingDir, '.mstro', 'tmp')
+    if (!existsSync(tempDir)) {
+      mkdirSync(tempDir, { recursive: true })
+    }
+    // Truncate output if too long (keep first and last parts for context)
+    let truncatedOutput = output
+    if (output.length > 4000) {
+      const firstPart = output.slice(0, 2000)
+      const lastPart = output.slice(-1500)
+      truncatedOutput = `${firstPart}\n\n... [output truncated] ...\n\n${lastPart}`
+    }
+    // Build the prompt for summary generation
+    const summaryPrompt = `You are generating a SHORT browser notification summary for a completed task.
+The user ran a task and wants a brief notification to remind them what happened.
+USER'S ORIGINAL PROMPT:
+"${userPrompt}"
+TASK OUTPUT (may be truncated):
+${truncatedOutput}
+Generate a notification summary following these rules:
+1. Maximum 100 characters (this is a browser notification)
+2. Focus on the OUTCOME, not the process
+3. Be specific about what was accomplished
+4. Use past tense (e.g., "Fixed bug in auth.ts", "Added 3 new tests")
+5. If there was an error, mention it briefly
+6. No emojis, no markdown, just plain text
+Respond with ONLY the summary text, nothing else.`
+    // Write prompt to temp file
+    const promptFile = join(tempDir, `notif-summary-${Date.now()}.txt`)
+    writeFileSync(promptFile, summaryPrompt)
+    const systemPrompt = 'You are a notification summary assistant. Respond with only the summary text, no preamble or explanation.'
+    const args = [
+      '--print',
+      '--model', 'haiku',
+      '--system-prompt', systemPrompt,
+      promptFile
+    ]
+    const claude = spawn('claude', args, {
+      cwd: workingDir,
+      stdio: ['ignore', 'pipe', 'pipe']
+    })
+    let stdout = ''
+    let stderr = ''
+    claude.stdout?.on('data', (data) => {
+      stdout += data.toString()
+    })
+    claude.stderr?.on('data', (data) => {
+      stderr += data.toString()
+    })
+    claude.on('close', (code) => {
+      // Clean up temp file
+      try {
+        unlinkSync(promptFile)
+      } catch {
+        // Ignore cleanup errors
+      }
+      if (code === 0 && stdout.trim()) {
+        // Truncate if somehow still too long
+        const summary = stdout.trim().slice(0, 150)
+        resolve(summary)
+      } else {
+        console.error('[Notifications] Claude error:', stderr || 'Unknown error')
+        // Fallback to basic summary
+        resolve(createFallbackSummary(userPrompt))
+      }
+    })
+    claude.on('error', (err) => {
+      console.error('[Notifications] Failed to spawn Claude:', err)
+      resolve(createFallbackSummary(userPrompt))
+    })
+    // Timeout after 10 seconds
+    setTimeout(() => {
+      claude.kill()
+      resolve(createFallbackSummary(userPrompt))
+    }, 10000)
+  })
+}
+/**
+ * Create a fallback summary when AI summarization fails
+ */
+function createFallbackSummary(userPrompt: string): string {
+  const truncated = userPrompt.slice(0, 60)
+  if (userPrompt.length > 60) {
+    return `Completed: "${truncated}..."`
+  }
+  return `Completed: "${truncated}"`
+}

package/server/services/analytics.ts ADDED Viewed

@@ -0,0 +1,277 @@
+// Copyright (c) 2025-present Mstro, Inc. All rights reserved.
+// Licensed under the MIT License. See LICENSE file for details.
+/**
+ * PostHog Analytics Service for mstro CLI
+ *
+ * Provides analytics tracking for the mstro client.
+ * Uses PostHog Node SDK for server-side event tracking.
+ *
+ * Config is fetched from platform server (not hardcoded) so the
+ * PostHog key isn't exposed in the npm package.
+ *
+ * Telemetry is opt-out by default. Users can disable with:
+ * - Command: mstro telemetry off
+ * - Environment variable: MSTRO_TELEMETRY=0
+ */
+import { existsSync, readFileSync, writeFileSync } from 'node:fs'
+import { arch, homedir, platform } from 'node:os'
+import { join } from 'node:path'
+import { PostHog } from 'posthog-node'
+import { getClientId } from './client-id.js'
+const MSTRO_DIR = join(homedir(), '.mstro')
+const CONFIG_FILE = join(MSTRO_DIR, 'config.json')
+const PLATFORM_URL = process.env.PLATFORM_URL || 'https://api.mstro.app'
+let client: PostHog | null = null
+let telemetryEnabled: boolean | null = null
+let analyticsConfig: { posthogKey: string; posthogHost: string } | null = null
+interface MstroConfig {
+  telemetry?: boolean
+}
+/**
+ * Check if telemetry is enabled
+ */
+function isTelemetryEnabled(): boolean {
+  if (telemetryEnabled !== null) {
+    return telemetryEnabled
+  }
+  // Check environment variable first
+  const envValue = process.env.MSTRO_TELEMETRY
+  if (envValue === '0' || envValue === 'false') {
+    telemetryEnabled = false
+    return false
+  }
+  // Check config file
+  if (existsSync(CONFIG_FILE)) {
+    try {
+      const config: MstroConfig = JSON.parse(readFileSync(CONFIG_FILE, 'utf-8'))
+      if (config.telemetry === false) {
+        telemetryEnabled = false
+        return false
+      }
+    } catch {
+      // Ignore parse errors
+    }
+  }
+  telemetryEnabled = true
+  return true
+}
+/**
+ * Fetch analytics config from platform server
+ * This keeps the PostHog key out of the npm package
+ */
+async function fetchAnalyticsConfig(): Promise<{ posthogKey: string; posthogHost: string } | null> {
+  try {
+    const response = await fetch(`${PLATFORM_URL}/api/config/client`, {
+      method: 'GET',
+      headers: { 'Content-Type': 'application/json' },
+    })
+    if (!response.ok) {
+      return null
+    }
+    const data = await response.json() as { analytics?: { posthogKey?: string; posthogHost?: string } }
+    return {
+      posthogKey: data.analytics?.posthogKey || '',
+      posthogHost: data.analytics?.posthogHost || 'https://eu.i.posthog.com',
+    }
+  } catch {
+    // Network error, platform unavailable - silently disable analytics
+    return null
+  }
+}
+/**
+ * Initialize PostHog client
+ * Call this once at server startup
+ */
+export async function initAnalytics(): Promise<void> {
+  if (!isTelemetryEnabled()) {
+    return
+  }
+  // Fetch config from platform
+  analyticsConfig = await fetchAnalyticsConfig()
+  if (!analyticsConfig?.posthogKey) {
+    // No key configured on platform, analytics disabled
+    return
+  }
+  client = new PostHog(analyticsConfig.posthogKey, {
+    host: analyticsConfig.posthogHost,
+    // Flush events every 10 seconds or 20 events
+    flushAt: 20,
+    flushInterval: 10000,
+  })
+}
+/**
+ * Shutdown PostHog client gracefully
+ * Call this before process exit
+ */
+export async function shutdownAnalytics(): Promise<void> {
+  if (client) {
+    await client.shutdown()
+    client = null
+  }
+}
+/**
+ * Get the distinct ID for this client
+ * Uses the persistent client ID from ~/.mstro/client-id
+ */
+function getDistinctId(): string {
+  return getClientId()
+}
+/**
+ * Get common properties included with all events
+ */
+function getCommonProperties(): Record<string, any> {
+  return {
+    os: platform(),
+    arch: arch(),
+    node_version: process.version,
+    mstro_version: process.env.npm_package_version || 'unknown',
+    source: 'client',
+  }
+}
+/**
+ * Track a custom event
+ */
+export function trackEvent(event: string, properties?: Record<string, any>): void {
+  if (!client || !isTelemetryEnabled()) return
+  client.capture({
+    distinctId: getDistinctId(),
+    event,
+    properties: {
+      ...getCommonProperties(),
+      ...properties,
+    },
+  })
+}
+/**
+ * Identify a user (call after login)
+ */
+export function identifyUser(userId: string, properties?: Record<string, any>): void {
+  if (!client || !isTelemetryEnabled()) return
+  // Link the client ID to the user ID
+  client.alias({
+    distinctId: userId,
+    alias: getDistinctId(),
+  })
+  client.identify({
+    distinctId: userId,
+    properties: {
+      ...getCommonProperties(),
+      ...properties,
+    },
+  })
+}
+/**
+ * Set telemetry preference in config file
+ */
+export function setTelemetryEnabled(enabled: boolean): void {
+  let config: MstroConfig = {}
+  if (existsSync(CONFIG_FILE)) {
+    try {
+      config = JSON.parse(readFileSync(CONFIG_FILE, 'utf-8'))
+    } catch {
+      // Start fresh if parse fails
+    }
+  }
+  config.telemetry = enabled
+  writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2), { mode: 0o600 })
+  // Update cached value
+  telemetryEnabled = enabled
+}
+/**
+ * Get current telemetry status
+ */
+export function getTelemetryStatus(): { enabled: boolean; reason: string } {
+  const envValue = process.env.MSTRO_TELEMETRY
+  if (envValue === '0' || envValue === 'false') {
+    return { enabled: false, reason: 'Disabled via MSTRO_TELEMETRY environment variable' }
+  }
+  if (existsSync(CONFIG_FILE)) {
+    try {
+      const config: MstroConfig = JSON.parse(readFileSync(CONFIG_FILE, 'utf-8'))
+      if (config.telemetry === false) {
+        return { enabled: false, reason: 'Disabled via ~/.mstro/config.json' }
+      }
+    } catch {
+      // Ignore
+    }
+  }
+  if (!analyticsConfig?.posthogKey) {
+    return { enabled: false, reason: 'Analytics not configured on platform' }
+  }
+  return { enabled: true, reason: 'Enabled (opt-out with MSTRO_TELEMETRY=0)' }
+}
+// ===========================================
+// Event Constants - Use these for consistency
+// ===========================================
+export const AnalyticsEvents = {
+  // CLI events
+  CLI_STARTED: 'cli_started',
+  CLI_COMMAND: 'cli_command',
+  CLI_LOGIN: 'cli_login',
+  CLI_LOGOUT: 'cli_logout',
+  CLI_ERROR: 'cli_error',
+  // Server events
+  SERVER_STARTED: 'server_started',
+  SERVER_STOPPED: 'server_stopped',
+  // Connection events
+  PLATFORM_CONNECTED: 'platform_connected',
+  PLATFORM_DISCONNECTED: 'platform_disconnected',
+  WEB_CLIENT_CONNECTED: 'web_client_connected',
+  WEB_CLIENT_DISCONNECTED: 'web_client_disconnected',
+  // Improvise events
+  IMPROVISE_SESSION_STARTED: 'improvise_session_started',
+  IMPROVISE_PROMPT_RECEIVED: 'improvise_prompt_received',
+  IMPROVISE_MOVEMENT_STARTED: 'improvise_movement_started',
+  IMPROVISE_MOVEMENT_COMPLETED: 'improvise_movement_completed',
+  IMPROVISE_MOVEMENT_ERROR: 'improvise_movement_error',
+  IMPROVISE_SESSION_ENDED: 'improvise_session_ended',
+  IMPROVISE_ABORTED: 'improvise_aborted',
+  // Terminal events
+  TERMINAL_SESSION_CREATED: 'terminal_session_created',
+  TERMINAL_SESSION_CLOSED: 'terminal_session_closed',
+  // MCP/Bouncer events
+  BOUNCER_TOOL_ALLOWED: 'bouncer_tool_allowed',
+  BOUNCER_TOOL_DENIED: 'bouncer_tool_denied',
+  BOUNCER_HAIKU_REVIEW: 'bouncer_haiku_review',
+} as const
+export type AnalyticsEvent = typeof AnalyticsEvents[keyof typeof AnalyticsEvents]

package/server/services/auth.ts ADDED Viewed

@@ -0,0 +1,80 @@
+// Copyright (c) 2025-present Mstro, Inc. All rights reserved.
+// Licensed under the MIT License. See LICENSE file for details.
+/**
+ * Authentication Service
+ *
+ * Manages local session token for localhost API/WebSocket auth.
+ * All mstro instances on a machine share a single token from ~/.mstro/session-token.
+ * The token is created once (by `mstro login` or first server start) and reused.
+ */
+import { randomBytes } from 'node:crypto'
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs'
+import { homedir } from 'node:os'
+import { join } from 'node:path'
+const SESSION_TOKEN_PATH = join(homedir(), '.mstro', 'session-token')
+export class AuthService {
+  private localToken: string
+  constructor() {
+    this.localToken = this.loadOrCreateToken()
+  }
+  /**
+   * Load existing session token from disk, or create one if missing.
+   * This ensures all mstro instances on the same machine share the same token.
+   */
+  private loadOrCreateToken(): string {
+    const existing = AuthService.readLocalToken()
+    if (existing) {
+      return existing
+    }
+    const token = randomBytes(32).toString('hex')
+    this.writeToken(token)
+    return token
+  }
+  /**
+   * Write session token to ~/.mstro/session-token
+   */
+  private writeToken(token: string): void {
+    const dir = join(homedir(), '.mstro')
+    if (!existsSync(dir)) {
+      mkdirSync(dir, { recursive: true, mode: 0o700 })
+    }
+    writeFileSync(SESSION_TOKEN_PATH, token, { mode: 0o600 })
+  }
+  /**
+   * Validate the local session token (used for localhost API/WS auth)
+   */
+  validateLocalToken(token: string): boolean {
+    return token === this.localToken
+  }
+  /**
+   * Get the local session token (for passing to child processes)
+   */
+  getLocalToken(): string {
+    return this.localToken
+  }
+  /**
+   * Read the local session token from disk (static utility for clients)
+   */
+  static readLocalToken(): string | null {
+    try {
+      if (existsSync(SESSION_TOKEN_PATH)) {
+        const token = readFileSync(SESSION_TOKEN_PATH, 'utf-8').trim()
+        if (token.length > 0) {
+          return token
+        }
+      }
+    } catch {}
+    return null
+  }
+}

package/server/services/client-id.ts ADDED Viewed

@@ -0,0 +1,68 @@
+// Copyright (c) 2025-present Mstro, Inc. All rights reserved.
+// Licensed under the MIT License. See LICENSE file for details.
+/**
+ * Client ID Service
+ *
+ * Generates and persists a unique client identifier that survives server restarts.
+ * This ID is used to distinguish between different user home directories on different machines.
+ *
+ * Storage: ~/.mstro/client-id
+ */
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs'
+import { homedir } from 'node:os'
+import { join } from 'node:path'
+const MSTRO_DIR = join(homedir(), '.mstro')
+const CLIENT_ID_FILE = join(MSTRO_DIR, 'client-id')
+/**
+ * Generate a new UUID v4
+ */
+function generateUUID(): string {
+  return crypto.randomUUID()
+}
+/**
+ * Get the persistent client ID, creating one if it doesn't exist.
+ * This ID is unique to this machine's ~/.mstro directory.
+ */
+export function getClientId(): string {
+  // Ensure ~/.mstro directory exists
+  if (!existsSync(MSTRO_DIR)) {
+    mkdirSync(MSTRO_DIR, { recursive: true, mode: 0o700 })
+  }
+  // Try to read existing client ID
+  if (existsSync(CLIENT_ID_FILE)) {
+    try {
+      const id = readFileSync(CLIENT_ID_FILE, 'utf-8').trim()
+      if (id && isValidUUID(id)) {
+        return id
+      }
+    } catch {
+      // File exists but couldn't be read, generate new one
+    }
+  }
+  // Generate and persist a new client ID
+  const newId = generateUUID()
+  writeFileSync(CLIENT_ID_FILE, newId, 'utf-8')
+  return newId
+}
+/**
+ * Validate UUID format
+ */
+function isValidUUID(id: string): boolean {
+  const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i
+  return uuidRegex.test(id)
+}
+/**
+ * Get the client ID file path (for debugging/display)
+ */
+export function getClientIdPath(): string {
+  return CLIENT_ID_FILE
+}

package/server/services/credentials.ts ADDED Viewed

@@ -0,0 +1,134 @@
+// Copyright (c) 2025-present Mstro, Inc. All rights reserved.
+// Licensed under the MIT License. See LICENSE file for details.
+/**
+ * Credentials Service
+ *
+ * Manages persistent authentication credentials stored in ~/.mstro/credentials.json
+ *
+ * Structure:
+ * {
+ *   "token": "device-token-here",
+ *   "userId": "user-uuid",
+ *   "email": "user@example.com",
+ *   "name": "User Name",
+ *   "deviceId": "device-uuid",
+ *   "clientId": "client-uuid",
+ *   "createdAt": "2024-01-01T00:00:00.000Z",
+ *   "lastRefreshedAt": "2024-01-01T00:00:00.000Z"
+ * }
+ */
+import { existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync } from 'node:fs'
+import { homedir } from 'node:os'
+import { join } from 'node:path'
+const MSTRO_DIR = join(homedir(), '.mstro')
+const CREDENTIALS_FILE = join(MSTRO_DIR, 'credentials.json')
+export interface Credentials {
+  token: string
+  userId: string
+  email: string
+  name?: string
+  deviceId?: string
+  clientId: string
+  createdAt: string
+  lastRefreshedAt?: string
+}
+/**
+ * Ensure the ~/.mstro directory exists
+ */
+function ensureMstroDir(): void {
+  if (!existsSync(MSTRO_DIR)) {
+    mkdirSync(MSTRO_DIR, { recursive: true, mode: 0o700 })
+  }
+}
+/**
+ * Get stored credentials, or null if not logged in
+ */
+export function getCredentials(): Credentials | null {
+  if (!existsSync(CREDENTIALS_FILE)) {
+    return null
+  }
+  try {
+    const content = readFileSync(CREDENTIALS_FILE, 'utf-8')
+    const credentials = JSON.parse(content) as Credentials
+    // Validate required fields
+    if (!credentials.token || !credentials.userId || !credentials.email || !credentials.clientId) {
+      console.warn('Invalid credentials file, missing required fields')
+      return null
+    }
+    return credentials
+  } catch (err) {
+    console.warn('Failed to read credentials file:', err)
+    return null
+  }
+}
+/**
+ * Save credentials after successful login
+ */
+export function saveCredentials(credentials: Credentials): void {
+  ensureMstroDir()
+  writeFileSync(CREDENTIALS_FILE, JSON.stringify(credentials, null, 2), {
+    mode: 0o600 // Read/write for owner only
+  })
+}
+/**
+ * Update the token (used during refresh)
+ */
+export function updateToken(newToken: string): void {
+  const credentials = getCredentials()
+  if (!credentials) {
+    throw new Error('No credentials to update')
+  }
+  credentials.token = newToken
+  credentials.lastRefreshedAt = new Date().toISOString()
+  saveCredentials(credentials)
+}
+/**
+ * Delete credentials (logout)
+ */
+export function deleteCredentials(): boolean {
+  if (!existsSync(CREDENTIALS_FILE)) {
+    return false
+  }
+  try {
+    unlinkSync(CREDENTIALS_FILE)
+    return true
+  } catch (err) {
+    console.error('Failed to delete credentials:', err)
+    return false
+  }
+}
+/**
+ * Check if user is logged in
+ */
+export function isLoggedIn(): boolean {
+  return getCredentials() !== null
+}
+/**
+ * Get the credentials file path (for display)
+ */
+export function getCredentialsPath(): string {
+  return CREDENTIALS_FILE
+}
+/**
+ * Get the mstro directory path
+ */
+export function getMstroDir(): string {
+  return MSTRO_DIR
+}