palmier 0.6.6 → 0.6.7

package/src/mcp-handler.ts

@@ -0,0 +1,133 @@
+import { randomUUID } from "crypto";
+import { agentTools, agentToolMap, ToolError, type ToolContext } from "./mcp-tools.js";
+
+interface JsonRpcRequest {
+  jsonrpc: string;
+  id?: string | number | null;
+  method: string;
+  params?: Record<string, unknown>;
+}
+
+export interface McpResponse {
+  body: object;
+  sessionId?: string;
+}
+
+// Session-to-agent name map with 24h TTL
+const SESSION_TTL_MS = 24 * 60 * 60 * 1000;
+const sessionAgents = new Map<string, { agentName: string; expiresAt: number }>();
+
+export function getAgentName(sessionId: string): string | undefined {
+  const entry = sessionAgents.get(sessionId);
+  if (!entry) return undefined;
+  if (Date.now() > entry.expiresAt) {
+    sessionAgents.delete(sessionId);
+    return undefined;
+  }
+  return entry.agentName;
+}
+
+function pruneExpiredSessions(): void {
+  const now = Date.now();
+  for (const [id, entry] of sessionAgents) {
+    if (now > entry.expiresAt) sessionAgents.delete(id);
+  }
+}
+
+function rpcError(id: string | number | null, code: number, message: string): object {
+  return { jsonrpc: "2.0", id, error: { code, message } };
+}
+
+function rpcResult(id: string | number | null, result: unknown): object {
+  return { jsonrpc: "2.0", id, result };
+}
+
+export async function handleMcpRequest(body: string, sessionId: string | undefined, ctx: ToolContext): Promise<McpResponse> {
+  let req: JsonRpcRequest;
+  try {
+    req = JSON.parse(body);
+  } catch {
+    return { body: rpcError(null, -32700, "Parse error") };
+  }
+
+  const id = req.id ?? null;
+
+  if (req.jsonrpc !== "2.0") {
+    return { body: rpcError(id, -32600, "Invalid Request: missing jsonrpc 2.0") };
+  }
+
+  const agent = sessionId ? getAgentName(sessionId) : undefined;
+  const sid = sessionId?.slice(0, 8) ?? "none";
+  const logPrefix = agent ? `[mcp] [${sid}] [${agent}]` : `[mcp] [${sid}]`;
+  console.log(`${logPrefix} ${req.method}${req.method === "tools/call" ? ` → ${req.params?.name}` : ""}`);
+
+  switch (req.method) {
+    case "initialize": {
+      const newSessionId = randomUUID();
+      const clientInfo = req.params?.clientInfo as { name?: string; version?: string } | undefined;
+      const agentName = clientInfo
+        ? `${clientInfo.name || "unknown"}${clientInfo.version ? ` ${clientInfo.version}` : ""}`
+        : undefined;
+
+      if (agentName) {
+        sessionAgents.set(newSessionId, { agentName, expiresAt: Date.now() + SESSION_TTL_MS });
+        pruneExpiredSessions();
+      }
+
+      console.log(`[mcp] [${newSessionId.slice(0, 8)}] Session initialized${agentName ? ` (${agentName})` : ""}`);
+      return {
+        body: rpcResult(id, {
+          protocolVersion: "2025-03-26",
+          capabilities: { tools: {} },
+          serverInfo: { name: "palmier", version: "1.0.0" },
+        }),
+        sessionId: newSessionId,
+      };
+    }
+
+    case "tools/list": {
+      return {
+        body: rpcResult(id, {
+          tools: agentTools.map((t) => ({
+            name: t.name,
+            description: t.description,
+            inputSchema: t.inputSchema,
+          })),
+        }),
+      };
+    }
+
+    case "tools/call": {
+      const name = req.params?.name as string | undefined;
+      const args = (req.params?.arguments ?? {}) as Record<string, unknown>;
+
+      if (!name) return { body: rpcError(id, -32602, "Missing params.name") };
+
+      const tool = agentToolMap.get(name);
+      if (!tool) return { body: rpcError(id, -32602, `Unknown tool: ${name}`) };
+
+      try {
+        const result = await tool.handler(args, ctx);
+        console.log(`${logPrefix} tools/call ${name} done:`, JSON.stringify(result).slice(0, 200));
+        return {
+          body: rpcResult(id, {
+            content: [{ type: "text", text: JSON.stringify(result) }],
+          }),
+        };
+      } catch (err: any) {
+        const message = err instanceof ToolError ? err.message : String(err);
+        console.error(`${logPrefix} tools/call ${name} error:`, message);
+        return {
+          body: rpcResult(id, {
+            content: [{ type: "text", text: JSON.stringify({ error: message }) }],
+            isError: true,
+          }),
+        };
+      }
+    }
+
+    default:
+      console.warn(`${logPrefix} Unknown method: ${req.method}`);
+      return { body: rpcError(id, -32601, `Method not found: ${req.method}`) };
+  }
+}

package/src/mcp-tools.ts

@@ -0,0 +1,182 @@
+import { StringCodec, type NatsConnection } from "nats";
+import { registerPending } from "./pending-requests.js";
+import { getLocationDevice } from "./location-device.js";
+import type { HostConfig } from "./types.js";
+
+export class ToolError extends Error {
+  constructor(message: string, public statusCode: number = 500) {
+    super(message);
+  }
+}
+
+export interface ToolContext {
+  config: HostConfig;
+  nc: NatsConnection | undefined;
+  publishEvent: (id: string, payload: Record<string, unknown>) => Promise<void>;
+  sessionId: string;
+  agentName?: string;
+}
+
+export interface ToolDefinition {
+  name: string;
+  description: string;
+  inputSchema: object;
+  handler: (args: Record<string, unknown>, ctx: ToolContext) => Promise<unknown>;
+}
+
+const notifyTool: ToolDefinition = {
+  name: "notify",
+  description: "Send a push notification to the user's device.",
+  inputSchema: {
+    type: "object",
+    properties: {
+      title: { type: "string", description: "Notification title" },
+      body: { type: "string", description: "Notification body" },
+    },
+    required: ["title", "body"],
+  },
+  async handler(args, ctx) {
+    const { title, body } = args as { title: string; body: string };
+    if (!title || !body) throw new ToolError("title and body are required", 400);
+    if (!ctx.nc) throw new ToolError("NATS not connected — push notifications require server mode", 503);
+
+    const sc = StringCodec();
+    const payload: Record<string, string> = { hostId: ctx.config.hostId, title, body };
+    if (ctx.sessionId) payload.session_id = ctx.sessionId;
+    if (ctx.agentName) payload.agent_name = ctx.agentName;
+    const subject = `host.${ctx.config.hostId}.push.send`;
+    const reply = await ctx.nc.request(subject, sc.encode(JSON.stringify(payload)), { timeout: 15_000 });
+    const result = JSON.parse(sc.decode(reply.data)) as { ok?: boolean; error?: string };
+
+    if (result.ok) return { ok: true };
+    throw new ToolError(result.error ?? "Push notification failed", 502);
+  },
+};
+
+const requestInputTool: ToolDefinition = {
+  name: "request-input",
+  description: "Request input from the user. The request blocks until the user responds.",
+  inputSchema: {
+    type: "object",
+    properties: {
+      description: { type: "string", description: "Context or heading for the input request" },
+      questions: {
+        type: "array",
+        items: { type: "string" },
+        description: "Questions to present to the user",
+        minItems: 1,
+      },
+    },
+    required: ["questions"],
+  },
+  async handler(args, ctx) {
+    const { description, questions } = args as { description?: string; questions: string[] };
+    if (!questions?.length) throw new ToolError("questions is required", 400);
+
+    const pendingPromise = registerPending(ctx.sessionId, "input", questions);
+
+    await ctx.publishEvent("_input", {
+      event_type: "input-request",
+      host_id: ctx.config.hostId,
+      session_id: ctx.sessionId,
+      agent_name: ctx.agentName,
+      description,
+      input_questions: questions,
+    });
+
+    const response = await pendingPromise;
+
+    if (response.length === 1 && response[0] === "aborted") {
+      await ctx.publishEvent("_input", { event_type: "input-resolved", host_id: ctx.config.hostId, session_id: ctx.sessionId, status: "aborted" });
+      return { aborted: true };
+    }
+
+    await ctx.publishEvent("_input", { event_type: "input-resolved", host_id: ctx.config.hostId, session_id: ctx.sessionId, status: "provided" });
+    return { values: response };
+  },
+};
+
+const requestConfirmationTool: ToolDefinition = {
+  name: "request-confirmation",
+  description: "Request confirmation from the user. The request blocks until the user confirms or aborts.",
+  inputSchema: {
+    type: "object",
+    properties: {
+      description: { type: "string", description: "What the user is confirming" },
+    },
+    required: ["description"],
+  },
+  async handler(args, ctx) {
+    const { description } = args as { description: string };
+    if (!description) throw new ToolError("description is required", 400);
+
+    const pendingPromise = registerPending(ctx.sessionId, "confirmation");
+
+    await ctx.publishEvent("_confirm", {
+      event_type: "confirm-request",
+      host_id: ctx.config.hostId,
+      session_id: ctx.sessionId,
+      agent_name: ctx.agentName,
+      description,
+    });
+
+    const response = await pendingPromise;
+    const confirmed = response[0] === "confirmed";
+
+    await ctx.publishEvent("_confirm", {
+      event_type: "confirm-resolved",
+      host_id: ctx.config.hostId,
+      session_id: ctx.sessionId,
+      status: confirmed ? "confirmed" : "aborted",
+    });
+
+    return { confirmed };
+  },
+};
+
+const deviceGeolocationTool: ToolDefinition = {
+  name: "device-geolocation",
+  description: "Get the GPS location of the user's mobile device. Blocks until the device responds (up to 30 seconds).",
+  inputSchema: {
+    type: "object",
+    properties: {},
+  },
+  async handler(_args, ctx) {
+    if (!ctx.nc) throw new ToolError("Not connected to server (NATS unavailable)", 503);
+
+    const locDevice = getLocationDevice();
+    if (!locDevice) throw new ToolError("No device has location access enabled", 400);
+
+    const sc = StringCodec();
+
+    const ackReply = await ctx.nc.request(
+      `host.${ctx.config.hostId}.fcm.geolocation`,
+      sc.encode(JSON.stringify({ hostId: ctx.config.hostId, requestId: ctx.sessionId, fcmToken: locDevice.fcmToken })),
+      { timeout: 5_000 },
+    );
+    const ack = JSON.parse(sc.decode(ackReply.data)) as { ok?: boolean; error?: string };
+    if (ack.error) throw new ToolError(ack.error, 502);
+
+    const locationPromise = new Promise<string>((resolve, reject) => {
+      const sub = ctx.nc!.subscribe(`host.${ctx.config.hostId}.geolocation.${ctx.sessionId}`, { max: 1 });
+      const timer = setTimeout(() => {
+        sub.unsubscribe();
+        reject(new ToolError("Device did not respond within 30 seconds", 504));
+      }, 30_000);
+
+      (async () => {
+        for await (const msg of sub) {
+          clearTimeout(timer);
+          resolve(sc.decode(msg.data));
+        }
+      })();
+    });
+
+    const locationData = JSON.parse(await locationPromise);
+    if (locationData.error) return { error: locationData.error };
+    return locationData;
+  },
+};
+
+export const agentTools: ToolDefinition[] = [notifyTool, requestInputTool, requestConfirmationTool, deviceGeolocationTool];
+export const agentToolMap = new Map<string, ToolDefinition>(agentTools.map((t) => [t.name, t]));

package/src/rpc-handler.ts

@@ -13,6 +13,7 @@ import crossSpawn from "cross-spawn";
 import { getAgent } from "./agents/agent.js";
 import { validateClient } from "./client-store.js";
 import { publishHostEvent } from "./events.js";
+import { getLocationDevice, setLocationDevice, clearLocationDevice } from "./location-device.js";
 import { currentVersion, performUpdate } from "./update-checker.js";
 import { parseReportFiles, parseTaskOutcome, stripPalmierMarkers } from "./commands/run.js";
 import type { HostConfig, ParsedTask, RpcMessage, ConversationMessage } from "./types.js";
@@ -166,27 +167,29 @@ export function createRpcHandler(config: HostConfig, nc?: NatsConnection) {
       body: task.body,
       status: status ? {
         ...status,
-        ...(pending?.type === "confirmation" ? { pending_confirmation: true } : {}),
         ...(pending?.type === "permission" ? { pending_permission: pending.params } : {}),
-        ...(pending?.type === "input" ? { pending_input: pending.params } : {}),
       } : undefined,
     };
   }
 
   async function handleRpc(request: RpcMessage): Promise<unknown> {
-    // Client token validation: skip for trusted localhost requests
-    if (!request.localhost && (!request.clientToken || !validateClient(request.clientToken))) {
+    // Client token validation: skip for trusted localhost requests and
+    // task.user_input (server-originated push responses; gated by getPending instead)
+    const skipAuth = request.method === "task.user_input";
+    if (!skipAuth && !request.localhost && (!request.clientToken || !validateClient(request.clientToken))) {
       return { error: "Unauthorized" };
     }
 
     switch (request.method) {
       case "task.list": {
         const tasks = listTasks(config.projectRoot);
+        const locDevice = getLocationDevice();
         return {
           tasks: tasks.map((task) => flattenTask(task)),
           agents: config.agents ?? [],
           version: currentVersion,
           host_platform: process.platform,
+          location_client_token: locDevice?.clientToken ?? null,
         };
       }
 
@@ -440,7 +443,7 @@ export function createRpcHandler(config: HostConfig, nc?: NatsConnection) {
         const child = crossSpawn(cmd, cmdArgs, {
           cwd: followupRunDir,
           stdio: [stdin != null ? "pipe" : "ignore", "pipe", "pipe"],
-          env: { ...process.env, ...followupAgentEnv, PALMIER_TASK_ID: params.id },
+          env: { ...process.env, ...followupAgentEnv },
           windowsHide: true,
         });
         if (stdin != null) child.stdin!.end(stdin);
@@ -577,9 +580,7 @@ export function createRpcHandler(config: HostConfig, nc?: NatsConnection) {
         return {
           task_id: params.id,
           ...status,
-          ...(pending?.type === "confirmation" ? { pending_confirmation: true } : {}),
           ...(pending?.type === "permission" ? { pending_permission: pending.params } : {}),
-          ...(pending?.type === "input" ? { pending_input: pending.params } : {}),
         };
       }
 
@@ -690,6 +691,19 @@ export function createRpcHandler(config: HostConfig, nc?: NatsConnection) {
         return { ok: true };
       }
 
+      case "device.location.enable": {
+        const params = request.params as { fcmToken: string };
+        if (!params.fcmToken) return { error: "fcmToken is required" };
+        const clientToken = request.clientToken ?? "";
+        setLocationDevice(clientToken, params.fcmToken);
+        return { ok: true };
+      }
+
+      case "device.location.disable": {
+        clearLocationDevice();
+        return { ok: true };
+      }
+
       default:
         return { error: `Unknown method: ${request.method}` };
     }

package/src/transports/http-transport.ts

@@ -5,8 +5,10 @@ import { StringCodec, type NatsConnection } from "nats";
 import { validateClient, addClient } from "../client-store.js";
 import { registerPending } from "../pending-requests.js";
 import * as fs from "node:fs";
-import { getTaskDir, parseTaskFile, spliceUserMessage } from "../task.js";
 import type { HostConfig, RpcMessage, RequiredPermission } from "../types.js";
+import { agentToolMap, ToolError, type ToolContext } from "../mcp-tools.js";
+import { handleMcpRequest, getAgentName } from "../mcp-handler.js";
+import { getTaskDir } from "../task.js";
 
 // ── Bundled PWA asset serving ───────────────────────────────────────────
 
@@ -87,18 +89,6 @@ export function detectLanIp(): string {
   return "127.0.0.1";
 }
 
-/** Find the latest (highest-numbered) run directory for a task. */
-function findLatestRunId(taskDir: string): string | null {
-  try {
-    const dirs = fs.readdirSync(taskDir)
-      .filter((f) => /^\d+$/.test(f) && fs.statSync(`${taskDir}/${f}`).isDirectory())
-      .sort();
-    return dirs.length > 0 ? dirs[dirs.length - 1] : null;
-  } catch {
-    return null;
-  }
-}
-
 /**
  * Start the HTTP transport: server with RPC, SSE, PWA proxy, pairing, and
  * localhost-only agent endpoints (notify, request-input, confirmation, permission).
@@ -172,10 +162,65 @@ export async function startHttpTransport(
     broadcastSseEvent({ task_id: taskId, ...payload });
   }
 
+  function makeToolContext(sessionId: string): ToolContext {
+    return { config, nc, publishEvent, sessionId, agentName: getAgentName(sessionId) };
+  }
+
   const server = http.createServer(async (req, res) => {
     const url = new URL(req.url ?? "/", `http://localhost:${port}`);
     const pathname = url.pathname;
 
+    // ── MCP streamable HTTP endpoint ──────────────────────────────────
+
+    if (req.method === "POST" && pathname === "/mcp") {
+      if (!isLocalhost(req)) { sendJson(res, 403, { error: "localhost only" }); return; }
+      try {
+        const body = await readBody(req);
+        const sessionId = req.headers["mcp-session-id"] as string | undefined;
+        const ctx = makeToolContext(sessionId ?? "");
+        const result = await handleMcpRequest(body, sessionId, ctx);
+        if (result.sessionId) {
+          res.setHeader("Mcp-Session-Id", result.sessionId);
+        }
+        sendJson(res, 200, result.body);
+      } catch (err) {
+        sendJson(res, 500, { error: String(err) });
+      }
+      return;
+    }
+
+    // ── Auto-generated REST endpoints from MCP tool registry ──────────
+
+    if (req.method === "POST" && agentToolMap.has(pathname.slice(1))) {
+      if (!isLocalhost(req)) { sendJson(res, 403, { error: "localhost only" }); return; }
+      const tool = agentToolMap.get(pathname.slice(1))!;
+      try {
+        const body = await readBody(req);
+        const args = body.trim() ? JSON.parse(body) : {};
+        const { taskId } = args as { taskId?: string };
+        if (!taskId) {
+          sendJson(res, 400, { error: "taskId is required" });
+          return;
+        }
+        const taskDir = getTaskDir(config.projectRoot, taskId);
+        if (!fs.existsSync(taskDir)) {
+          sendJson(res, 404, { error: `Task not found: ${taskId}` });
+          return;
+        }
+        delete args.taskId;
+        const ctx = makeToolContext(taskId);
+        console.log(`[mcp] REST [${taskId.slice(0, 8)}] ${tool.name}`);
+        const result = await tool.handler(args, ctx);
+        console.log(`[mcp] REST [${taskId.slice(0, 8)}] ${tool.name} done:`, JSON.stringify(result).slice(0, 200));
+        sendJson(res, 200, result);
+      } catch (err: any) {
+        const status = err instanceof ToolError ? err.statusCode : 500;
+        console.error(`[mcp] REST ${tool.name} error:`, err.message ?? String(err));
+        sendJson(res, status, { error: err.message ?? String(err) });
+      }
+      return;
+    }
+
     // ── Localhost-only endpoints (no auth) ─────────────────────────────
 
     if (req.method === "POST" && pathname === "/event") {
@@ -217,121 +262,6 @@ export async function startHttpTransport(
       return;
     }
 
-    // ── POST /notify — send push notification via NATS ─────────────────
-
-    if (req.method === "POST" && pathname === "/notify") {
-      if (!isLocalhost(req)) { sendJson(res, 403, { error: "localhost only" }); return; }
-      if (!nc) { sendJson(res, 503, { error: "NATS not connected — push notifications require server mode" }); return; }
-
-      try {
-        const body = await readBody(req);
-        const { taskId: notifTaskId, title, body: notifBody } = JSON.parse(body) as { taskId?: string; title: string; body: string };
-        if (!title || !notifBody) { sendJson(res, 400, { error: "title and body are required" }); return; }
-
-        const sc = StringCodec();
-        const payload: Record<string, string> = { hostId: config.hostId, title, body: notifBody };
-        if (notifTaskId) payload.task_id = notifTaskId;
-        const subject = `host.${config.hostId}.push.send`;
-        const reply = await nc.request(subject, sc.encode(JSON.stringify(payload)), { timeout: 15_000 });
-        const result = JSON.parse(sc.decode(reply.data)) as { ok?: boolean; error?: string };
-
-        if (result.ok) {
-          sendJson(res, 200, { ok: true });
-        } else {
-          sendJson(res, 502, { error: result.error ?? "Push notification failed" });
-        }
-      } catch (err) {
-        sendJson(res, 500, { error: `Failed to send notification: ${err}` });
-      }
-      return;
-    }
-
-    // ── POST /request-input — held connection until user responds ────────
-
-    if (req.method === "POST" && pathname === "/request-input") {
-      if (!isLocalhost(req)) { sendJson(res, 403, { error: "localhost only" }); return; }
-      try {
-        const body = await readBody(req);
-        const { taskId, runId, descriptions } = JSON.parse(body) as {
-          taskId: string; runId?: string; descriptions: string[];
-        };
-        if (!taskId || !descriptions?.length) {
-          sendJson(res, 400, { error: "taskId and descriptions are required" });
-          return;
-        }
-
-        const taskDir = getTaskDir(config.projectRoot, taskId);
-        const task = parseTaskFile(taskDir);
-
-        // Resolve runId: use provided value, otherwise find the latest run directory
-        const effectiveRunId = runId ?? findLatestRunId(taskDir);
-
-        const pendingPromise = registerPending(taskId, "input", descriptions);
-
-        await publishEvent(taskId, {
-          event_type: "input-request",
-          host_id: config.hostId,
-          input_descriptions: descriptions,
-          name: task.frontmatter.name,
-        });
-
-        const response = await pendingPromise;
-
-        const questionsBlock = "\n\n" + descriptions.map((d) => `**${d}**`).join("\n");
-
-        if (response.length === 1 && response[0] === "aborted") {
-          await publishEvent(taskId, { event_type: "input-resolved", host_id: config.hostId, status: "aborted" });
-          if (effectiveRunId) {
-            spliceUserMessage(taskDir, effectiveRunId, { role: "user", time: Date.now(), content: "Aborted", type: "input" }, questionsBlock);
-            await publishEvent(taskId, { event_type: "result-updated", run_id: effectiveRunId });
-          }
-          sendJson(res, 200, { aborted: true });
-        } else {
-          await publishEvent(taskId, { event_type: "input-resolved", host_id: config.hostId, status: "provided" });
-          if (effectiveRunId) {
-            spliceUserMessage(taskDir, effectiveRunId, { role: "user", time: Date.now(), content: response.join("\n"), type: "input" }, questionsBlock);
-            await publishEvent(taskId, { event_type: "result-updated", run_id: effectiveRunId });
-          }
-          sendJson(res, 200, { values: response });
-        }
-      } catch (err) {
-        sendJson(res, 500, { error: String(err) });
-      }
-      return;
-    }
-
-    // ── POST /request-confirmation — held connection ────────────────────
-
-    if (req.method === "POST" && pathname === "/request-confirmation") {
-      if (!isLocalhost(req)) { sendJson(res, 403, { error: "localhost only" }); return; }
-      try {
-        const body = await readBody(req);
-        const { taskId } = JSON.parse(body) as { taskId: string };
-        if (!taskId) { sendJson(res, 400, { error: "taskId is required" }); return; }
-
-        const pendingPromise = registerPending(taskId, "confirmation");
-
-        await publishEvent(taskId, {
-          event_type: "confirm-request",
-          host_id: config.hostId,
-        });
-
-        const response = await pendingPromise;
-        const confirmed = response[0] === "confirmed";
-
-        await publishEvent(taskId, {
-          event_type: "confirm-resolved",
-          host_id: config.hostId,
-          status: confirmed ? "confirmed" : "aborted",
-        });
-
-        sendJson(res, 200, { confirmed });
-      } catch (err) {
-        sendJson(res, 500, { error: String(err) });
-      }
-      return;
-    }
-
     // ── POST /request-permission — held connection ──────────────────────
 
     if (req.method === "POST" && pathname === "/request-permission") {