npm - mstro-app - Versions diffs - 0.1.47 - Mend

mstro-app 0.1.47

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (213) hide show

package/LICENSE +21 -0
package/README.md +177 -0
package/bin/commands/config.js +145 -0
package/bin/commands/login.js +313 -0
package/bin/commands/logout.js +75 -0
package/bin/commands/status.js +197 -0
package/bin/commands/whoami.js +161 -0
package/bin/configure-claude.js +298 -0
package/bin/mstro.js +581 -0
package/bin/postinstall.js +45 -0
package/bin/release.sh +110 -0
package/dist/server/cli/headless/claude-invoker.d.ts +17 -0
package/dist/server/cli/headless/claude-invoker.d.ts.map +1 -0
package/dist/server/cli/headless/claude-invoker.js +311 -0
package/dist/server/cli/headless/claude-invoker.js.map +1 -0
package/dist/server/cli/headless/index.d.ts +13 -0
package/dist/server/cli/headless/index.d.ts.map +1 -0
package/dist/server/cli/headless/index.js +10 -0
package/dist/server/cli/headless/index.js.map +1 -0
package/dist/server/cli/headless/mcp-config.d.ts +11 -0
package/dist/server/cli/headless/mcp-config.d.ts.map +1 -0
package/dist/server/cli/headless/mcp-config.js +76 -0
package/dist/server/cli/headless/mcp-config.js.map +1 -0
package/dist/server/cli/headless/output-utils.d.ts +33 -0
package/dist/server/cli/headless/output-utils.d.ts.map +1 -0
package/dist/server/cli/headless/output-utils.js +101 -0
package/dist/server/cli/headless/output-utils.js.map +1 -0
package/dist/server/cli/headless/prompt-utils.d.ts +21 -0
package/dist/server/cli/headless/prompt-utils.d.ts.map +1 -0
package/dist/server/cli/headless/prompt-utils.js +84 -0
package/dist/server/cli/headless/prompt-utils.js.map +1 -0
package/dist/server/cli/headless/runner.d.ts +24 -0
package/dist/server/cli/headless/runner.d.ts.map +1 -0
package/dist/server/cli/headless/runner.js +99 -0
package/dist/server/cli/headless/runner.js.map +1 -0
package/dist/server/cli/headless/types.d.ts +106 -0
package/dist/server/cli/headless/types.d.ts.map +1 -0
package/dist/server/cli/headless/types.js +4 -0
package/dist/server/cli/headless/types.js.map +1 -0
package/dist/server/cli/improvisation-session-manager.d.ts +155 -0
package/dist/server/cli/improvisation-session-manager.d.ts.map +1 -0
package/dist/server/cli/improvisation-session-manager.js +415 -0
package/dist/server/cli/improvisation-session-manager.js.map +1 -0
package/dist/server/index.d.ts +2 -0
package/dist/server/index.d.ts.map +1 -0
package/dist/server/index.js +386 -0
package/dist/server/index.js.map +1 -0
package/dist/server/mcp/bouncer-cli.d.ts +3 -0
package/dist/server/mcp/bouncer-cli.d.ts.map +1 -0
package/dist/server/mcp/bouncer-cli.js +99 -0
package/dist/server/mcp/bouncer-cli.js.map +1 -0
package/dist/server/mcp/bouncer-integration.d.ts +36 -0
package/dist/server/mcp/bouncer-integration.d.ts.map +1 -0
package/dist/server/mcp/bouncer-integration.js +301 -0
package/dist/server/mcp/bouncer-integration.js.map +1 -0
package/dist/server/mcp/security-audit.d.ts +52 -0
package/dist/server/mcp/security-audit.d.ts.map +1 -0
package/dist/server/mcp/security-audit.js +118 -0
package/dist/server/mcp/security-audit.js.map +1 -0
package/dist/server/mcp/security-patterns.d.ts +73 -0
package/dist/server/mcp/security-patterns.d.ts.map +1 -0
package/dist/server/mcp/security-patterns.js +247 -0
package/dist/server/mcp/security-patterns.js.map +1 -0
package/dist/server/mcp/server.d.ts +3 -0
package/dist/server/mcp/server.d.ts.map +1 -0
package/dist/server/mcp/server.js +146 -0
package/dist/server/mcp/server.js.map +1 -0
package/dist/server/routes/files.d.ts +9 -0
package/dist/server/routes/files.d.ts.map +1 -0
package/dist/server/routes/files.js +24 -0
package/dist/server/routes/files.js.map +1 -0
package/dist/server/routes/improvise.d.ts +3 -0
package/dist/server/routes/improvise.d.ts.map +1 -0
package/dist/server/routes/improvise.js +72 -0
package/dist/server/routes/improvise.js.map +1 -0
package/dist/server/routes/index.d.ts +10 -0
package/dist/server/routes/index.d.ts.map +1 -0
package/dist/server/routes/index.js +12 -0
package/dist/server/routes/index.js.map +1 -0
package/dist/server/routes/instances.d.ts +10 -0
package/dist/server/routes/instances.d.ts.map +1 -0
package/dist/server/routes/instances.js +47 -0
package/dist/server/routes/instances.js.map +1 -0
package/dist/server/routes/notifications.d.ts +3 -0
package/dist/server/routes/notifications.d.ts.map +1 -0
package/dist/server/routes/notifications.js +136 -0
package/dist/server/routes/notifications.js.map +1 -0
package/dist/server/services/analytics.d.ts +56 -0
package/dist/server/services/analytics.d.ts.map +1 -0
package/dist/server/services/analytics.js +240 -0
package/dist/server/services/analytics.js.map +1 -0
package/dist/server/services/auth.d.ts +26 -0
package/dist/server/services/auth.d.ts.map +1 -0
package/dist/server/services/auth.js +71 -0
package/dist/server/services/auth.js.map +1 -0
package/dist/server/services/client-id.d.ts +10 -0
package/dist/server/services/client-id.d.ts.map +1 -0
package/dist/server/services/client-id.js +61 -0
package/dist/server/services/client-id.js.map +1 -0
package/dist/server/services/credentials.d.ts +39 -0
package/dist/server/services/credentials.d.ts.map +1 -0
package/dist/server/services/credentials.js +110 -0
package/dist/server/services/credentials.js.map +1 -0
package/dist/server/services/files.d.ts +119 -0
package/dist/server/services/files.d.ts.map +1 -0
package/dist/server/services/files.js +560 -0
package/dist/server/services/files.js.map +1 -0
package/dist/server/services/instances.d.ts +52 -0
package/dist/server/services/instances.d.ts.map +1 -0
package/dist/server/services/instances.js +241 -0
package/dist/server/services/instances.js.map +1 -0
package/dist/server/services/pathUtils.d.ts +47 -0
package/dist/server/services/pathUtils.d.ts.map +1 -0
package/dist/server/services/pathUtils.js +124 -0
package/dist/server/services/pathUtils.js.map +1 -0
package/dist/server/services/platform.d.ts +72 -0
package/dist/server/services/platform.d.ts.map +1 -0
package/dist/server/services/platform.js +368 -0
package/dist/server/services/platform.js.map +1 -0
package/dist/server/services/sentry.d.ts +5 -0
package/dist/server/services/sentry.d.ts.map +1 -0
package/dist/server/services/sentry.js +71 -0
package/dist/server/services/sentry.js.map +1 -0
package/dist/server/services/terminal/pty-manager.d.ts +149 -0
package/dist/server/services/terminal/pty-manager.d.ts.map +1 -0
package/dist/server/services/terminal/pty-manager.js +377 -0
package/dist/server/services/terminal/pty-manager.js.map +1 -0
package/dist/server/services/terminal/tmux-manager.d.ts +82 -0
package/dist/server/services/terminal/tmux-manager.d.ts.map +1 -0
package/dist/server/services/terminal/tmux-manager.js +352 -0
package/dist/server/services/terminal/tmux-manager.js.map +1 -0
package/dist/server/services/websocket/autocomplete.d.ts +50 -0
package/dist/server/services/websocket/autocomplete.d.ts.map +1 -0
package/dist/server/services/websocket/autocomplete.js +361 -0
package/dist/server/services/websocket/autocomplete.js.map +1 -0
package/dist/server/services/websocket/file-utils.d.ts +44 -0
package/dist/server/services/websocket/file-utils.d.ts.map +1 -0
package/dist/server/services/websocket/file-utils.js +272 -0
package/dist/server/services/websocket/file-utils.js.map +1 -0
package/dist/server/services/websocket/handler.d.ts +246 -0
package/dist/server/services/websocket/handler.d.ts.map +1 -0
package/dist/server/services/websocket/handler.js +1771 -0
package/dist/server/services/websocket/handler.js.map +1 -0
package/dist/server/services/websocket/index.d.ts +11 -0
package/dist/server/services/websocket/index.d.ts.map +1 -0
package/dist/server/services/websocket/index.js +14 -0
package/dist/server/services/websocket/index.js.map +1 -0
package/dist/server/services/websocket/types.d.ts +214 -0
package/dist/server/services/websocket/types.d.ts.map +1 -0
package/dist/server/services/websocket/types.js +4 -0
package/dist/server/services/websocket/types.js.map +1 -0
package/dist/server/utils/agent-manager.d.ts +69 -0
package/dist/server/utils/agent-manager.d.ts.map +1 -0
package/dist/server/utils/agent-manager.js +269 -0
package/dist/server/utils/agent-manager.js.map +1 -0
package/dist/server/utils/paths.d.ts +25 -0
package/dist/server/utils/paths.d.ts.map +1 -0
package/dist/server/utils/paths.js +38 -0
package/dist/server/utils/paths.js.map +1 -0
package/dist/server/utils/port-manager.d.ts +10 -0
package/dist/server/utils/port-manager.d.ts.map +1 -0
package/dist/server/utils/port-manager.js +60 -0
package/dist/server/utils/port-manager.js.map +1 -0
package/dist/server/utils/port.d.ts +26 -0
package/dist/server/utils/port.d.ts.map +1 -0
package/dist/server/utils/port.js +83 -0
package/dist/server/utils/port.js.map +1 -0
package/hooks/bouncer.sh +138 -0
package/package.json +74 -0
package/server/README.md +191 -0
package/server/cli/headless/claude-invoker.ts +415 -0
package/server/cli/headless/index.ts +39 -0
package/server/cli/headless/mcp-config.ts +87 -0
package/server/cli/headless/output-utils.ts +109 -0
package/server/cli/headless/prompt-utils.ts +108 -0
package/server/cli/headless/runner.ts +133 -0
package/server/cli/headless/types.ts +118 -0
package/server/cli/improvisation-session-manager.ts +531 -0
package/server/index.ts +456 -0
package/server/mcp/README.md +122 -0
package/server/mcp/bouncer-cli.ts +127 -0
package/server/mcp/bouncer-integration.ts +430 -0
package/server/mcp/security-audit.ts +180 -0
package/server/mcp/security-patterns.ts +290 -0
package/server/mcp/server.ts +174 -0
package/server/routes/files.ts +29 -0
package/server/routes/improvise.ts +82 -0
package/server/routes/index.ts +13 -0
package/server/routes/instances.ts +54 -0
package/server/routes/notifications.ts +158 -0
package/server/services/analytics.ts +277 -0
package/server/services/auth.ts +80 -0
package/server/services/client-id.ts +68 -0
package/server/services/credentials.ts +134 -0
package/server/services/files.ts +710 -0
package/server/services/instances.ts +275 -0
package/server/services/pathUtils.ts +158 -0
package/server/services/platform.test.ts +1314 -0
package/server/services/platform.ts +435 -0
package/server/services/sentry.ts +81 -0
package/server/services/terminal/pty-manager.ts +464 -0
package/server/services/terminal/tmux-manager.ts +426 -0
package/server/services/websocket/autocomplete.ts +438 -0
package/server/services/websocket/file-utils.ts +305 -0
package/server/services/websocket/handler.test.ts +20 -0
package/server/services/websocket/handler.ts +2047 -0
package/server/services/websocket/index.ts +40 -0
package/server/services/websocket/types.ts +339 -0
package/server/tsconfig.json +19 -0
package/server/utils/agent-manager.ts +323 -0
package/server/utils/paths.ts +45 -0
package/server/utils/port-manager.ts +70 -0
package/server/utils/port.ts +102 -0

package/server/services/platform.ts ADDED Viewed

@@ -0,0 +1,435 @@
+// Copyright (c) 2025-present Mstro, Inc. All rights reserved.
+// Licensed under the MIT License. See LICENSE file for details.
+/**
+ * Platform Connection Service
+ *
+ * Handles WebSocket connection to the Mstro platform.
+ * Requires token-based authentication from `mstro login`.
+ *
+ * Flow:
+ * 1. Client reads token from ~/.mstro/credentials.json
+ * 2. Client connects to platform WebSocket with auth token
+ * 3. Platform validates token and auto-pairs to user's account
+ * 4. Client becomes an "orchestra" visible in user's web dashboard
+ */
+import { existsSync, readFileSync, writeFileSync } from 'node:fs'
+import { arch, homedir, hostname, type } from 'node:os'
+import { basename, join } from 'node:path'
+import { getClientId } from './client-id.js'
+import { captureException } from './sentry.js'
+import { isTmuxAvailable } from './terminal/tmux-manager.js'
+const MSTRO_DIR = join(homedir(), '.mstro')
+const CREDENTIALS_FILE = join(MSTRO_DIR, 'credentials.json')
+// Refresh token every 30 days
+const TOKEN_REFRESH_INTERVAL_MS = 30 * 24 * 60 * 60 * 1000
+interface StoredCredentials {
+  token: string
+  userId: string
+  email: string
+  name?: string
+  clientId: string
+  lastRefreshedAt?: string
+}
+/**
+ * Get stored credentials from ~/.mstro/credentials.json
+ */
+function getCredentials(): StoredCredentials | null {
+  if (!existsSync(CREDENTIALS_FILE)) {
+    return null
+  }
+  try {
+    const content = readFileSync(CREDENTIALS_FILE, 'utf-8')
+    const creds = JSON.parse(content)
+    if (creds.token && creds.userId && creds.email) {
+      return creds
+    }
+    return null
+  } catch {
+    return null
+  }
+}
+/**
+ * Update stored credentials (for token refresh)
+ */
+function updateCredentials(updates: Partial<StoredCredentials>): void {
+  const creds = getCredentials()
+  if (!creds) return
+  writeFileSync(CREDENTIALS_FILE, JSON.stringify({ ...creds, ...updates }, null, 2), {
+    mode: 0o600
+  })
+}
+/**
+ * Check if token should be refreshed
+ */
+function shouldRefreshToken(creds: StoredCredentials): boolean {
+  if (!creds.lastRefreshedAt) {
+    return true // Never refreshed
+  }
+  const lastRefreshed = new Date(creds.lastRefreshedAt).getTime()
+  const now = Date.now()
+  return now - lastRefreshed > TOKEN_REFRESH_INTERVAL_MS
+}
+/**
+ * Get machine identification string
+ * Format: "hostname @ node-vX.X.X platform (arch)"
+ * Example: "Jessica @ node-v22.21.1 linux (arm64)"
+ */
+export function getMachineIdentifier(): string {
+  const machineHostname = hostname()
+  const nodeVersion = process.version
+  const osType = type().toLowerCase()
+  const cpuArch = arch()
+  return `${machineHostname} @ node-${nodeVersion} ${osType} (${cpuArch})`
+}
+// Get WebSocket class - use global if available (Bun, Node 21+), otherwise import from undici (Node 18-20)
+let WebSocketImpl: typeof WebSocket
+if (typeof WebSocket !== 'undefined') {
+  WebSocketImpl = WebSocket
+} else {
+  // Node 18-20: use undici's WebSocket (bundled with Node.js but not typed)
+  // @ts-expect-error undici is bundled with Node.js but lacks type declarations
+  const { WebSocket: UndiciWS } = await import('undici')
+  WebSocketImpl = UndiciWS as unknown as typeof WebSocket
+}
+const DEFAULT_PLATFORM_URL = process.env.PLATFORM_URL || 'https://api.mstro.app'
+interface ConnectionCallbacks {
+  onConnected?: (connectionId: string) => void
+  onDisconnected?: () => void
+  onError?: (error: string) => void
+  onWebConnected?: () => void
+  onWebDisconnected?: () => void
+  onRelayedMessage?: (message: any) => void
+}
+/**
+ * Platform WebSocket connection with token-based authentication
+ */
+export class PlatformConnection {
+  private ws: WebSocket | null = null
+  private reconnectTimeout: ReturnType<typeof setTimeout> | null = null
+  private reconnectAttempts = 0
+  private maxReconnectAttempts = 10
+  private isIntentionallyClosed = false
+  private workingDirectory: string
+  private platformUrl: string
+  private callbacks: ConnectionCallbacks
+  private connectionId: string | null = null
+  private isConnected = false
+  private tokenRefreshInterval: ReturnType<typeof setInterval> | null = null
+  private heartbeatInterval: ReturnType<typeof setInterval> | null = null
+  constructor(
+    workingDirectory: string,
+    callbacks: ConnectionCallbacks = {},
+    platformUrl?: string
+  ) {
+    this.workingDirectory = workingDirectory
+    this.platformUrl = platformUrl || DEFAULT_PLATFORM_URL
+    this.callbacks = callbacks
+  }
+  /**
+   * Refresh the device token if needed
+   */
+  private async maybeRefreshToken(): Promise<void> {
+    const creds = getCredentials()
+    if (!creds || !shouldRefreshToken(creds)) {
+      return
+    }
+    try {
+      const response = await fetch(`${this.platformUrl}/api/auth/device/refresh`, {
+        method: 'POST',
+        headers: {
+          'Authorization': `Bearer ${creds.token}`,
+          'Content-Type': 'application/json'
+        }
+      })
+      if (response.ok) {
+        const data = await response.json() as { accessToken: string }
+        updateCredentials({
+          token: data.accessToken,
+          lastRefreshedAt: new Date().toISOString()
+        })
+      } else {
+        console.warn('[Platform] Token refresh failed, will retry later')
+      }
+    } catch (err) {
+      console.warn('[Platform] Token refresh error:', err)
+    }
+  }
+  /**
+   * Start periodic token refresh check
+   */
+  private startTokenRefreshCheck(): void {
+    // Check every 24 hours
+    this.tokenRefreshInterval = setInterval(() => {
+      this.maybeRefreshToken()
+    }, 24 * 60 * 60 * 1000)
+  }
+  /**
+   * Start heartbeat to keep connection alive and refresh server-side TTL
+   */
+  private startHeartbeat(): void {
+    // Send ping every 2 minutes (server TTL is 5 minutes)
+    this.heartbeatInterval = setInterval(() => {
+      if (this.ws && this.isConnected) {
+        try {
+          this.ws.send(JSON.stringify({ type: 'ping' }))
+        } catch {
+          // Ignore send errors - will reconnect if disconnected
+        }
+      }
+    }, 2 * 60 * 1000)
+  }
+  /**
+   * Stop heartbeat
+   */
+  private stopHeartbeat(): void {
+    if (this.heartbeatInterval) {
+      clearInterval(this.heartbeatInterval)
+      this.heartbeatInterval = null
+    }
+  }
+  /**
+   * Stop periodic token refresh check
+   */
+  private stopTokenRefreshCheck(): void {
+    if (this.tokenRefreshInterval) {
+      clearInterval(this.tokenRefreshInterval)
+      this.tokenRefreshInterval = null
+    }
+  }
+  /**
+   * Connect to platform WebSocket
+   */
+  connect(): void {
+    this.isIntentionallyClosed = false
+    const name = basename(this.workingDirectory)
+    const machineHostname = hostname()
+    const clientId = getClientId()
+    const machineId = getMachineIdentifier()
+    const nodeVersion = process.version
+    const osType = type().toLowerCase()
+    const cpuArch = arch()
+    // Get auth token from credentials
+    const credentials = getCredentials()
+    const authToken = credentials?.token
+    if (!authToken) {
+      console.error('\n❌ Not logged in. Run `mstro login` first.\n')
+      this.callbacks.onError?.('Not logged in - run `mstro login` first')
+      return
+    }
+    // Check for tmux availability (for persistent terminals)
+    const hasTmux = isTmuxAvailable()
+    // Build URL params WITHOUT the auth token — token is sent post-connection
+    // to avoid leaking it in proxy logs, browser history, and server access logs
+    const params = new URLSearchParams({
+      name,
+      workingDirectory: this.workingDirectory,
+      machineHostname,
+      clientId,
+      machineId,
+      nodeVersion,
+      osType,
+      cpuArch,
+      capabilities: JSON.stringify({ tmux: hasTmux })
+    })
+    const wsUrl = `${this.platformUrl.replace(/^http/, 'ws')}/ws/client?${params}`
+    try {
+      this.ws = new WebSocketImpl(wsUrl)
+    } catch (err) {
+      console.error('Failed to create WebSocket connection:', err)
+      captureException(err instanceof Error ? err : new Error(String(err)), { context: 'platform.connect' })
+      this.callbacks.onError?.('Failed to connect to platform')
+      this.scheduleReconnect()
+      return
+    }
+    // Connection timeout - if not connected within 10 seconds, show helpful error
+    const connectionTimeout = setTimeout(() => {
+      const state = this.ws?.readyState
+      if (this.ws && (state === 0 || state === undefined)) { // CONNECTING or unknown
+        console.error('\n❌ Connection timeout. The platform may have rejected your credentials.')
+        console.error('   Run `mstro login --force` to re-authenticate.\n')
+        this.ws.close()
+        this.callbacks.onError?.('Connection timeout - run `mstro login --force`')
+      }
+    }, 10000)
+    this.ws.onopen = () => {
+      clearTimeout(connectionTimeout)
+      console.log(`🌐 Connected to platform`)
+      // Send auth token as first message instead of URL param
+      this.ws!.send(JSON.stringify({ type: 'auth', token: authToken }))
+      // Check if token needs refresh on connect
+      this.maybeRefreshToken()
+      // Start periodic refresh checks
+      this.startTokenRefreshCheck()
+      this.reconnectAttempts = 0
+    }
+    this.ws.onmessage = (event) => {
+      try {
+        const message = JSON.parse(event.data.toString())
+        this.handleMessage(message)
+      } catch (err) {
+        console.error('Failed to parse platform message:', err)
+      }
+    }
+    // Track if we ever successfully connected (received 'paired' message)
+    let everConnected = false
+    const originalOnConnected = this.callbacks.onConnected
+    this.callbacks.onConnected = (connectionId) => {
+      everConnected = true
+      originalOnConnected?.(connectionId)
+    }
+    this.ws.onclose = (event) => {
+      // Stop heartbeat on any close
+      this.stopHeartbeat()
+      this.isConnected = false
+      if (!this.isIntentionallyClosed) {
+        // Check if we were rejected due to auth (code 4001 or 1006 before ever connecting)
+        const isAuthFailure = event.code === 4001 ||
+          event.reason?.includes('Unauthorized') ||
+          (event.code === 1006 && !everConnected)
+        if (isAuthFailure) {
+          console.error('\n❌ Authentication failed. Your device token may be invalid or expired.')
+          console.error('   Run `mstro login --force` to re-authenticate.\n')
+          this.callbacks.onError?.('Authentication failed - run `mstro login --force`')
+          return
+        }
+        console.log('Disconnected from platform, reconnecting...')
+        this.callbacks.onDisconnected?.()
+        this.scheduleReconnect()
+      }
+    }
+    this.ws.onerror = () => {
+      // onclose will be called after this
+    }
+  }
+  private handleMessage(message: any): void {
+    switch (message.type) {
+      case 'paired':
+        this.isConnected = true
+        this.connectionId = message.connectionId
+        console.log(`⚡ Connected to mstro.app!`)
+        // Start heartbeat to keep server-side TTL refreshed
+        this.startHeartbeat()
+        this.callbacks.onConnected?.(message.connectionId)
+        break
+      case 'web_connected':
+        console.log('🔗 Web client connected')
+        this.callbacks.onWebConnected?.()
+        break
+      case 'web_disconnected':
+        console.log('🔗 Web client disconnected')
+        this.callbacks.onWebDisconnected?.()
+        break
+      case 'pong':
+        // Heartbeat response, ignore
+        break
+      default:
+        // Relay message from web to wsHandler
+        // These are messages like 'execute', 'initTab', 'autocomplete', etc.
+        this.callbacks.onRelayedMessage?.(message)
+        break
+    }
+  }
+  private scheduleReconnect(): void {
+    if (this.reconnectTimeout) return
+    if (this.reconnectAttempts >= this.maxReconnectAttempts) {
+      console.log('Max reconnection attempts reached. Restart "mstro" to try again.')
+      return
+    }
+    this.reconnectAttempts++
+    const delay = Math.min(1000 * 2 ** (this.reconnectAttempts - 1), 30000)
+    this.reconnectTimeout = setTimeout(() => {
+      this.reconnectTimeout = null
+      this.connect()
+    }, delay)
+  }
+  /**
+   * Send message to platform (will be relayed to web if connected)
+   */
+  send(message: any): void {
+    if (this.ws && this.ws.readyState === WebSocketImpl.OPEN) {
+      this.ws.send(JSON.stringify(message))
+    }
+  }
+  /**
+   * Check if connected to platform
+   */
+  isConnectedToPlatform(): boolean {
+    return this.isConnected && this.ws?.readyState === WebSocketImpl.OPEN
+  }
+  /**
+   * Disconnect from platform
+   */
+  disconnect(): void {
+    this.isIntentionallyClosed = true
+    // Stop heartbeat and token refresh checks
+    this.stopHeartbeat()
+    this.stopTokenRefreshCheck()
+    if (this.reconnectTimeout) {
+      clearTimeout(this.reconnectTimeout)
+      this.reconnectTimeout = null
+    }
+    if (this.ws) {
+      this.ws.close()
+      this.ws = null
+    }
+    this.isConnected = false
+    this.connectionId = null
+  }
+}

package/server/services/sentry.ts ADDED Viewed

@@ -0,0 +1,81 @@
+// Copyright (c) 2025-present Mstro, Inc. All rights reserved.
+// Licensed under the MIT License. See LICENSE file for details.
+import { existsSync, readFileSync } from 'node:fs'
+import { homedir } from 'node:os'
+import { join } from 'node:path'
+import * as Sentry from '@sentry/node'
+// Hardcoded DSN for production - this is safe to expose (can only send, not read)
+// Override with SENTRY_DSN env var for development/testing
+const SENTRY_DSN = process.env.SENTRY_DSN || 'https://2a8d2493e3ee5a7beec30f4518a5e24c@o4510824844820480.ingest.us.sentry.io/4510824923594752'
+const CONFIG_FILE = join(homedir(), '.mstro', 'config.json')
+let initialized = false
+interface MstroConfig {
+  telemetry?: boolean
+}
+/**
+ * Check if telemetry/error reporting is enabled
+ * Respects the same config as analytics (unified telemetry setting)
+ */
+function isTelemetryEnabled(): boolean {
+  // Check environment variable first
+  const envValue = process.env.MSTRO_TELEMETRY
+  if (envValue === '0' || envValue === 'false') {
+    return false
+  }
+  // Check config file
+  if (existsSync(CONFIG_FILE)) {
+    try {
+      const config: MstroConfig = JSON.parse(readFileSync(CONFIG_FILE, 'utf-8'))
+      if (config.telemetry === false) {
+        return false
+      }
+    } catch {
+      // Ignore parse errors
+    }
+  }
+  return true
+}
+export function initSentry(): void {
+  if (initialized) return
+  if (!isTelemetryEnabled()) return
+  initialized = true
+  Sentry.init({
+    dsn: SENTRY_DSN,
+    environment: process.env.NODE_ENV || 'development',
+    release: `mstro-cli@${process.env.npm_package_version || '0.0.0'}`,
+    tracesSampleRate: 0.1,
+    beforeSend(event) {
+      // Strip PII from error events
+      if (event.user) {
+        delete event.user.ip_address
+      }
+      return event
+    },
+  })
+}
+export function captureException(error: unknown, context?: Record<string, any>): void {
+  if (!initialized) return
+  Sentry.captureException(error, context ? { extra: context } : undefined)
+}
+export function captureMessage(message: string, level: 'info' | 'warning' | 'error' = 'info'): void {
+  if (!initialized) return
+  Sentry.captureMessage(message, level)
+}
+export async function flushSentry(timeout = 2000): Promise<void> {
+  if (!initialized) return
+  await Sentry.flush(timeout)
+}