pikiloop 0.4.0

package/dist/agent/mcp/extensions.js

@@ -0,0 +1,637 @@
+/**
+ * MCP extension management — CRUD, catalog merge, health check, session merge.
+ *
+ * Global extensions live in ~/.pikiloop/setting.json under extensions.mcp.
+ * Workspace extensions live in <workdir>/.mcp.json (standard format).
+ *
+ * getCatalogItems() produces the unified list the dashboard renders:
+ * recommended-registry entries merged with installed entries, with a single
+ * state field per item (recommended | needs_auth | disabled | ready | unhealthy).
+ *
+ * mergeExtensionsForSession() is called by bridge.ts before spawning an agent —
+ * it resolves disabled flags, expands OAuth Bearer headers from the token store,
+ * and hands the final config map to the agent CLI.
+ */
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+import { spawn } from 'node:child_process';
+import { loadUserConfig, saveUserConfig } from '../../core/config/user-config.js';
+import { getRecommendedMcpServers, } from './registry.js';
+import { hasValidMcpToken, injectOAuthHeaders } from './oauth.js';
+// ---------------------------------------------------------------------------
+// Global extensions (setting.json)
+// ---------------------------------------------------------------------------
+export function loadGlobalMcpExtensions() {
+    const config = loadUserConfig();
+    const mcp = config.extensions?.mcp;
+    if (!mcp || typeof mcp !== 'object')
+        return [];
+    return Object.entries(mcp).map(([name, cfg]) => ({
+        name,
+        config: cfg,
+        scope: 'global',
+    }));
+}
+export function addGlobalMcpExtension(name, config) {
+    const userConfig = loadUserConfig();
+    const extensions = userConfig.extensions ?? {};
+    const mcp = { ...(extensions.mcp ?? {}) };
+    mcp[name] = config;
+    saveUserConfig({ ...userConfig, extensions: { ...extensions, mcp } });
+}
+export function removeGlobalMcpExtension(name) {
+    const userConfig = loadUserConfig();
+    const mcp = { ...(userConfig.extensions?.mcp ?? {}) };
+    if (!(name in mcp))
+        return false;
+    delete mcp[name];
+    saveUserConfig({
+        ...userConfig,
+        extensions: { ...userConfig.extensions, mcp },
+    });
+    return true;
+}
+export function updateGlobalMcpExtension(name, patch) {
+    const userConfig = loadUserConfig();
+    const mcp = { ...(userConfig.extensions?.mcp ?? {}) };
+    if (!(name in mcp))
+        return false;
+    mcp[name] = { ...mcp[name], ...patch };
+    saveUserConfig({
+        ...userConfig,
+        extensions: { ...userConfig.extensions, mcp },
+    });
+    return true;
+}
+// ---------------------------------------------------------------------------
+// Workspace extensions (.mcp.json)
+// ---------------------------------------------------------------------------
+function workspaceMcpJsonPath(workdir) {
+    return path.join(workdir, '.mcp.json');
+}
+function readMcpJson(filePath) {
+    try {
+        const raw = fs.readFileSync(filePath, 'utf-8');
+        const parsed = JSON.parse(raw);
+        const servers = parsed?.mcpServers ?? parsed;
+        if (typeof servers === 'object' && servers !== null && !Array.isArray(servers)) {
+            return servers;
+        }
+    }
+    catch { /* not found or invalid */ }
+    return {};
+}
+function writeMcpJson(filePath, servers) {
+    const content = JSON.stringify({ mcpServers: servers }, null, 2) + '\n';
+    fs.mkdirSync(path.dirname(filePath), { recursive: true });
+    fs.writeFileSync(filePath, content);
+}
+export function loadWorkspaceMcpExtensions(workdir) {
+    const mcpPath = workspaceMcpJsonPath(workdir);
+    const servers = readMcpJson(mcpPath);
+    return Object.entries(servers).map(([name, cfg]) => ({
+        name,
+        config: cfg,
+        scope: 'workspace',
+        source: mcpPath,
+    }));
+}
+export function addWorkspaceMcpExtension(workdir, name, config) {
+    const mcpPath = workspaceMcpJsonPath(workdir);
+    const servers = readMcpJson(mcpPath);
+    servers[name] = config;
+    writeMcpJson(mcpPath, servers);
+}
+export function removeWorkspaceMcpExtension(workdir, name) {
+    const mcpPath = workspaceMcpJsonPath(workdir);
+    const servers = readMcpJson(mcpPath);
+    if (!(name in servers))
+        return false;
+    delete servers[name];
+    writeMcpJson(mcpPath, servers);
+    return true;
+}
+export function updateWorkspaceMcpExtension(workdir, name, patch) {
+    const mcpPath = workspaceMcpJsonPath(workdir);
+    const servers = readMcpJson(mcpPath);
+    if (!(name in servers))
+        return false;
+    servers[name] = { ...servers[name], ...patch };
+    writeMcpJson(mcpPath, servers);
+    return true;
+}
+// ---------------------------------------------------------------------------
+// Unified listing
+// ---------------------------------------------------------------------------
+export function listAllMcpExtensions(workdir) {
+    const global = loadGlobalMcpExtensions();
+    const workspace = workdir ? loadWorkspaceMcpExtensions(workdir) : [];
+    const claudeMcp = [];
+    if (workdir) {
+        const claudePath = path.join(workdir, '.claude', '.mcp.json');
+        const servers = readMcpJson(claudePath);
+        for (const [name, cfg] of Object.entries(servers)) {
+            claudeMcp.push({ name, config: cfg, scope: 'workspace', source: claudePath });
+        }
+    }
+    return [...global, ...workspace, ...claudeMcp];
+}
+// ---------------------------------------------------------------------------
+// Catalog — merged recommended + installed with state computation
+// ---------------------------------------------------------------------------
+function cmdSummary(config) {
+    if (config.type === 'http' && config.url)
+        return config.url;
+    const cmd = config.command || '';
+    const args = (config.args || []).filter(a => a !== '-y');
+    return [cmd, ...args].join(' ').trim();
+}
+/**
+ * Generic @modelcontextprotocol/server-* demos that historically shipped in the
+ * recommended list but were later removed (no product identity, overlap with
+ * built-in agent capabilities like search/time). We hide them from the catalog
+ * UI so old installs don't clutter the Connected section. The configs are kept
+ * in setting.json untouched — users can still edit by hand if they want.
+ */
+const HIDDEN_GENERIC_DEMO_PACKAGES = new Set([
+    '@modelcontextprotocol/server-time',
+    '@modelcontextprotocol/server-fetch',
+    '@modelcontextprotocol/server-memory',
+    'mcp-server-time',
+    'mcp-server-fetch',
+    'mcp-server-memory',
+]);
+const HIDDEN_GENERIC_DEMO_NAMES = new Set(['time', 'fetch', 'memory']);
+function isGenericDemoEntry(entry) {
+    if (HIDDEN_GENERIC_DEMO_NAMES.has(entry.name.toLowerCase()))
+        return true;
+    const args = entry.config.args || [];
+    return args.some(a => HIDDEN_GENERIC_DEMO_PACKAGES.has(a));
+}
+function transportSummary(transport) {
+    if (transport.type === 'http')
+        return transport.url;
+    return [transport.command, ...transport.args.filter(a => a !== '-y')].join(' ');
+}
+function hasRequiredCredentials(config, auth) {
+    if (auth.type !== 'credentials')
+        return true;
+    const bag = { ...(config.env || {}), ...(config.headers || {}) };
+    for (const field of auth.fields) {
+        if (!field.required)
+            continue;
+        if (!bag[field.key] || !String(bag[field.key]).trim())
+            return false;
+    }
+    return true;
+}
+function computeStateForInstalled(config, auth, id, unhealthyIds) {
+    if (config.enabled === false || config.disabled === true)
+        return 'disabled';
+    if (auth.type === 'credentials' && !hasRequiredCredentials(config, auth))
+        return 'needs_auth';
+    if (auth.type === 'mcp-oauth' && !hasValidMcpToken(id))
+        return 'needs_auth';
+    if (unhealthyIds?.has(id))
+        return 'unhealthy';
+    return 'ready';
+}
+/**
+ * Produce the unified catalog for the dashboard: every recommended registry
+ * entry, plus any custom installed entries the user added, each with a
+ * computed state field.
+ *
+ * When `scope` is provided, recommended entries are filtered to those whose
+ * `recommendedScope` matches (or is `'both'`). Custom entries are filtered
+ * by where they are installed — `scope: 'global'` excludes workspace entries
+ * and vice versa.
+ */
+export function getCatalogItems(opts = {}) {
+    const recommended = getRecommendedMcpServers();
+    const installed = [
+        ...loadGlobalMcpExtensions(),
+        ...(opts.workdir ? loadWorkspaceMcpExtensions(opts.workdir) : []),
+    ];
+    // Build lookup: catalogId -> installed entry (preferring global).
+    const installedByCatalogId = new Map();
+    const customEntries = [];
+    for (const entry of installed) {
+        const catalogId = entry.config.catalogId;
+        if (catalogId && recommended.some(r => r.id === catalogId)) {
+            if (!installedByCatalogId.has(catalogId))
+                installedByCatalogId.set(catalogId, entry);
+        }
+        else {
+            customEntries.push(entry);
+        }
+    }
+    const scopeMatchesRec = (rec) => {
+        if (!opts.scope)
+            return true;
+        return rec.recommendedScope === opts.scope || rec.recommendedScope === 'both';
+    };
+    const scopeMatchesEntry = (entry) => {
+        if (!opts.scope)
+            return true;
+        if (opts.scope === 'both')
+            return true;
+        return entry.scope === opts.scope;
+    };
+    const items = [];
+    // Builtin items derive their installed/state from a top-level config flag
+    // rather than `extensions.mcp`. Each catalogId maps to one flag — extend the
+    // switch when adding a new builtin.
+    const userConfig = loadUserConfig();
+    const builtinInstalled = (catalogId) => {
+        if (catalogId === 'pikiloop-browser')
+            return userConfig.browserEnabled === true;
+        if (catalogId === 'peekaboo')
+            return userConfig.peekabooEnabled === true;
+        return false;
+    };
+    // 1. Registry entries — preserve registry ordering.
+    for (const rec of recommended) {
+        if (!scopeMatchesRec(rec))
+            continue;
+        const entry = installedByCatalogId.get(rec.id);
+        let state;
+        let installed;
+        let installedKey;
+        let scope;
+        let config;
+        if (rec.isBuiltin) {
+            installed = builtinInstalled(rec.id);
+            state = installed ? 'ready' : 'recommended';
+            installedKey = installed ? rec.id : undefined;
+            // Leave scope undefined: builtins aren't tied to global/workspace
+            // storage, and the catalog UI's scope filter ignores items with no scope.
+            scope = undefined;
+        }
+        else {
+            state = entry
+                ? computeStateForInstalled(entry.config, rec.auth, rec.id, opts.unhealthyIds)
+                : 'recommended';
+            installed = !!entry;
+            installedKey = entry?.name;
+            scope = entry?.scope;
+            config = entry?.config;
+        }
+        items.push({
+            id: rec.id,
+            name: rec.name,
+            description: rec.description,
+            descriptionZh: rec.descriptionZh,
+            category: rec.category,
+            iconSlug: rec.iconSlug,
+            iconUrl: rec.iconUrl,
+            homepage: rec.homepage,
+            transport: { type: rec.transport.type, summary: transportSummary(rec.transport) },
+            auth: rec.auth,
+            state,
+            isRecommended: true,
+            installed,
+            scope,
+            config,
+            installedKey,
+            recommendedScope: rec.recommendedScope,
+            isBuiltin: rec.isBuiltin,
+        });
+    }
+    // 2. Custom entries — user-added servers not in the recommended registry.
+    for (const entry of customEntries) {
+        if (!scopeMatchesEntry(entry))
+            continue;
+        if (isGenericDemoEntry(entry))
+            continue;
+        const auth = { type: 'none' };
+        const state = computeStateForInstalled(entry.config, auth, entry.name, opts.unhealthyIds);
+        items.push({
+            id: entry.name,
+            name: entry.name,
+            description: cmdSummary(entry.config),
+            descriptionZh: cmdSummary(entry.config),
+            category: 'custom',
+            transport: {
+                type: entry.config.type === 'http' ? 'http' : 'stdio',
+                summary: cmdSummary(entry.config),
+            },
+            auth,
+            state,
+            isRecommended: false,
+            installed: true,
+            scope: entry.scope,
+            config: entry.config,
+            installedKey: entry.name,
+        });
+    }
+    return items;
+}
+export function getCatalogItem(id, opts = {}) {
+    return getCatalogItems(opts).find(i => i.id === id);
+}
+/**
+ * Build an `McpServerConfig` from a recommended entry plus user-supplied
+ * credentials. Used when installing a recommended server via the catalog flow.
+ */
+export function buildInstalledConfigFromRecommended(rec, opts = { enabled: false }) {
+    const creds = opts.credentials || {};
+    if (rec.transport.type === 'stdio') {
+        const env = {};
+        if (rec.auth.type === 'credentials') {
+            for (const f of rec.auth.fields)
+                if (creds[f.key])
+                    env[f.key] = creds[f.key];
+        }
+        return {
+            type: 'stdio',
+            command: rec.transport.command,
+            args: rec.transport.args,
+            ...(Object.keys(env).length ? { env } : {}),
+            enabled: opts.enabled,
+            catalogId: rec.id,
+        };
+    }
+    const headers = {};
+    if (rec.auth.type === 'credentials') {
+        // Convention: first non-empty credential becomes Authorization: Bearer <value>.
+        // Matches how Stripe, Perplexity, and similar providers expect the token.
+        const first = rec.auth.fields.find(f => creds[f.key]);
+        if (first)
+            headers.Authorization = `Bearer ${creds[first.key]}`;
+    }
+    return {
+        type: 'http',
+        url: rec.transport.url,
+        ...(Object.keys(headers).length ? { headers } : {}),
+        enabled: opts.enabled,
+        catalogId: rec.id,
+    };
+}
+// ---------------------------------------------------------------------------
+// Merge for session — called by bridge.ts
+// ---------------------------------------------------------------------------
+/**
+ * Build the merged MCP server list for a session.
+ * Priority (low → high): global → workspace .mcp.json → .claude/.mcp.json → ~/.claude/.mcp.json → builtins.
+ * Disabled servers are filtered out. OAuth Bearer headers are injected for
+ * any http-type server that has a valid token in the token store.
+ */
+export function mergeExtensionsForSession(builtinServers, workdir) {
+    const merged = {};
+    // 1. Global extensions from setting.json (lowest priority)
+    const userConfig = loadUserConfig();
+    const globalMcp = userConfig.extensions?.mcp;
+    if (globalMcp) {
+        for (const [name, cfg] of Object.entries(globalMcp)) {
+            if (cfg.enabled === false || cfg.disabled)
+                continue;
+            if (cfg.type === 'http' && cfg.url) {
+                const oauthKey = cfg.catalogId || name;
+                const headers = injectOAuthHeaders(oauthKey, { headers: cfg.headers });
+                merged[name] = {
+                    type: 'http',
+                    url: cfg.url,
+                    ...(Object.keys(headers).length ? { headers } : {}),
+                };
+            }
+            else if (cfg.command) {
+                merged[name] = {
+                    type: 'stdio',
+                    command: cfg.command,
+                    args: cfg.args || [],
+                    ...(cfg.env ? { env: cfg.env } : {}),
+                };
+            }
+        }
+    }
+    // 2. Workspace .mcp.json files (overwrite global)
+    if (workdir) {
+        for (const candidate of [
+            path.join(workdir, '.mcp.json'),
+            path.join(workdir, '.claude', '.mcp.json'),
+            path.join(os.homedir(), '.claude', '.mcp.json'),
+        ]) {
+            try {
+                const raw = fs.readFileSync(candidate, 'utf-8');
+                const parsed = JSON.parse(raw);
+                const servers = parsed?.mcpServers ?? parsed;
+                if (servers && typeof servers === 'object') {
+                    for (const [name, cfg] of Object.entries(servers)) {
+                        if (cfg?.disabled === true) {
+                            delete merged[name];
+                        }
+                        else {
+                            Object.assign(merged, { [name]: cfg });
+                        }
+                    }
+                }
+            }
+            catch { /* skip */ }
+        }
+    }
+    // 3. Built-in servers (highest priority)
+    for (const server of builtinServers) {
+        merged[server.name] = {
+            type: 'stdio',
+            command: server.command,
+            args: server.args,
+            ...(server.env ? { env: server.env } : {}),
+        };
+    }
+    // Filter out any remaining disabled entries
+    for (const [name, cfg] of Object.entries(merged)) {
+        if (cfg?.disabled === true || cfg?.enabled === false) {
+            delete merged[name];
+        }
+    }
+    return merged;
+}
+/**
+ * Convert global + workspace extensions to RegisteredMcpServer[] for Codex
+ * and Gemini agents that consume server arrays instead of merged configs.
+ *
+ * Supports both stdio and HTTP transports. For HTTP entries, OAuth Bearer
+ * headers are injected from the token store (same path as
+ * mergeExtensionsForSession), so a one-time global authorization carries
+ * across every workspace.
+ */
+export function getGlobalExtensionsAsServers(workdir) {
+    const merged = new Map();
+    const toEntry = (name, cfg) => {
+        if (cfg.type === 'http' && cfg.url) {
+            const oauthKey = cfg.catalogId || name;
+            const headers = injectOAuthHeaders(oauthKey, { headers: cfg.headers });
+            return {
+                name,
+                type: 'http',
+                url: cfg.url,
+                ...(Object.keys(headers).length ? { headers } : {}),
+            };
+        }
+        if (cfg.command) {
+            return {
+                name,
+                type: 'stdio',
+                command: cfg.command,
+                args: cfg.args || [],
+                ...(cfg.env ? { env: cfg.env } : {}),
+            };
+        }
+        return null;
+    };
+    const userConfig = loadUserConfig();
+    const globalMcp = userConfig.extensions?.mcp;
+    if (globalMcp) {
+        for (const [name, cfg] of Object.entries(globalMcp)) {
+            if (cfg.enabled === false || cfg.disabled)
+                continue;
+            const entry = toEntry(name, cfg);
+            if (entry)
+                merged.set(name, entry);
+        }
+    }
+    if (workdir) {
+        const wsServers = readMcpJson(workspaceMcpJsonPath(workdir));
+        for (const [name, cfg] of Object.entries(wsServers)) {
+            if (cfg.disabled) {
+                merged.delete(name);
+                continue;
+            }
+            const entry = toEntry(name, cfg);
+            if (entry)
+                merged.set(name, entry);
+        }
+    }
+    return [...merged.values()];
+}
+const HEALTH_CACHE_TTL_MS = 10 * 60 * 1000;
+const healthCache = new Map();
+function healthFingerprint(config) {
+    return JSON.stringify({
+        type: config.type || 'stdio',
+        url: config.url,
+        command: config.command,
+        args: config.args,
+        hasEnv: !!config.env && Object.keys(config.env).length > 0,
+    });
+}
+export function getCachedHealth(id, config) {
+    const entry = healthCache.get(id);
+    if (!entry)
+        return undefined;
+    if (Date.now() - entry.cachedAt > HEALTH_CACHE_TTL_MS)
+        return undefined;
+    if (entry.fingerprint !== healthFingerprint(config))
+        return undefined;
+    return entry.result;
+}
+export function cacheHealth(id, config, result) {
+    healthCache.set(id, { result, fingerprint: healthFingerprint(config), cachedAt: Date.now() });
+}
+export async function checkMcpHealth(config, timeoutMs = 10_000) {
+    if (config.type === 'http') {
+        try {
+            const start = Date.now();
+            const controller = new AbortController();
+            const timer = setTimeout(() => controller.abort(), timeoutMs);
+            const res = await fetch(config.url, { signal: controller.signal, method: 'GET' });
+            clearTimeout(timer);
+            return { ok: res.ok || res.status === 405 || res.status === 401, elapsedMs: Date.now() - start };
+        }
+        catch (e) {
+            return { ok: false, error: e?.message || 'unreachable' };
+        }
+    }
+    if (!config.command)
+        return { ok: false, error: 'no command specified' };
+    return new Promise((resolve) => {
+        const start = Date.now();
+        let checkInterval = null;
+        const cleanup = () => {
+            if (checkInterval) {
+                clearInterval(checkInterval);
+                checkInterval = null;
+            }
+            clearTimeout(timer);
+        };
+        const child = spawn(config.command, config.args || [], {
+            stdio: ['pipe', 'pipe', 'pipe'],
+            env: { ...process.env, ...config.env },
+        });
+        const timer = setTimeout(() => {
+            cleanup();
+            child.kill();
+            resolve({ ok: false, error: `timeout after ${timeoutMs}ms`, elapsedMs: Date.now() - start });
+        }, timeoutMs);
+        let stdout = '';
+        child.stdout?.on('data', (data) => { stdout += data.toString(); });
+        child.on('error', (err) => {
+            cleanup();
+            resolve({ ok: false, error: err.message, elapsedMs: Date.now() - start });
+        });
+        const initRequest = JSON.stringify({
+            jsonrpc: '2.0',
+            id: 1,
+            method: 'initialize',
+            params: {
+                protocolVersion: '2024-11-05',
+                capabilities: {},
+                clientInfo: { name: 'pikiloop-health-check', version: '1.0.0' },
+            },
+        });
+        const header = `Content-Length: ${Buffer.byteLength(initRequest)}\r\n\r\n`;
+        try {
+            child.stdin?.write(header + initRequest);
+        }
+        catch {
+            cleanup();
+            resolve({ ok: false, error: 'failed to write to stdin', elapsedMs: Date.now() - start });
+            return;
+        }
+        checkInterval = setInterval(() => {
+            const hasResponse = stdout.includes('"result"') || stdout.includes('"serverInfo"');
+            if (!hasResponse)
+                return;
+            cleanup();
+            const toolsRequest = JSON.stringify({
+                jsonrpc: '2.0',
+                id: 2,
+                method: 'tools/list',
+                params: {},
+            });
+            const toolsHeader = `Content-Length: ${Buffer.byteLength(toolsRequest)}\r\n\r\n`;
+            try {
+                child.stdin?.write(toolsHeader + toolsRequest);
+            }
+            catch { /* best-effort */ }
+            setTimeout(() => {
+                child.kill();
+                const tools = [];
+                try {
+                    const jsonMatches = stdout.match(/\{[^{}]*"tools"\s*:\s*\[[\s\S]*?\]\s*[^{}]*\}/g);
+                    if (jsonMatches) {
+                        for (const m of jsonMatches) {
+                            try {
+                                const parsed = JSON.parse(m);
+                                if (Array.isArray(parsed.tools)) {
+                                    for (const tool of parsed.tools)
+                                        if (tool.name)
+                                            tools.push(tool.name);
+                                }
+                                if (parsed.result?.tools) {
+                                    for (const tool of parsed.result.tools)
+                                        if (tool.name)
+                                            tools.push(tool.name);
+                                }
+                            }
+                            catch { /* try next match */ }
+                        }
+                    }
+                }
+                catch { /* best effort */ }
+                resolve({ ok: true, tools: tools.length ? tools : undefined, elapsedMs: Date.now() - start });
+            }, 1500);
+        }, 100);
+    });
+}