poke-gate 0.3.2 → 0.3.5

package/.github/copilot-desktop.yml

@@ -0,0 +1,8 @@
+scripts:
+- name: xcode-build
+  command: cd "clients/Poke macOS Gate" && xcodebuild -scheme "Poke macOS Gate" -configuration Debug -destination 'platform=macOS' build | xcpretty || xcodebuild -scheme "Poke macOS Gate" -configuration Debug -destination 'platform=macOS' build
+- name: xcode-run-simulator
+  command: cd "clients/Poke macOS Gate" && xcodebuild -scheme "Poke macOS Gate" -configuration Debug -destination 'platform=macOS' build && APP_PATH=$(find ~/Library/Developer/Xcode/DerivedData -name "Poke macOS Gate.app" -type d 2>/dev/null | head -1) && [ -n "$APP_PATH" ] && open "$APP_PATH"
+automation:
+  auto_pr_review: false
+  auto_issue_session: true

package/.github/workflows/npm.yml

@@ -5,6 +5,10 @@ on:
     tags:
       - 'v*'
 
+permissions:
+  contents: read
+  id-token: write
+
 jobs:
   publish:
     runs-on: ubuntu-latest
@@ -18,7 +22,14 @@ jobs:
           node-version: 22
           registry-url: https://registry.npmjs.org
 
+      - name: Verify tag matches package version
+        run: |
+          TAG_VERSION="${GITHUB_REF_NAME#v}"
+          PACKAGE_VERSION="$(node -p "require('./package.json').version")"
+          if [[ "${TAG_VERSION}" != "${PACKAGE_VERSION}" ]]; then
+            echo "Tag version ${TAG_VERSION} does not match package.json version ${PACKAGE_VERSION}."
+            exit 1
+          fi
+
       - name: Publish
-        run: npm publish --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: npm publish --access public --provenance

package/.github/workflows/release.yml

@@ -139,7 +139,10 @@ jobs:
           fi
 
           VERSION_NUM="${VERSION#v}"
-          git clone https://x-access-token:${TAP_REPO_TOKEN_HOMEBREW}@github.com/f/homebrew-tap.git tap
+          if ! git clone https://x-access-token:${TAP_REPO_TOKEN_HOMEBREW}@github.com/f/homebrew-tap.git tap; then
+            echo "::warning::Skipping Homebrew tap update because cloning f/homebrew-tap failed."
+            exit 0
+          fi
           mkdir -p tap/Casks
           cat > tap/Casks/poke-gate.rb << EOF
           cask "poke-gate" do
@@ -170,5 +173,12 @@ jobs:
           git config user.name "github-actions[bot]"
           git config user.email "github-actions[bot]@users.noreply.github.com"
           git add .
+          if git diff --cached --quiet; then
+            echo "Homebrew cask is already up to date."
+            exit 0
+          fi
           git commit -m "Update poke-gate to ${VERSION}"
-          git push
+          if ! git push; then
+            echo "::warning::Skipping Homebrew tap update because pushing to f/homebrew-tap failed."
+            exit 0
+          fi

package/clients/Poke macOS Gate/Poke macOS Gate/GateService.swift

@@ -507,13 +507,17 @@ class GateService: ObservableObject {
 
         proc.executableURL = URL(fileURLWithPath: "/bin/zsh")
         proc.arguments = ["-c", "\(npxBin) -y poke-gate@latest --verbose"]
-        proc.environment = ProcessInfo.processInfo.environment.merging(
+        var environment = ProcessInfo.processInfo.environment.merging(
             [
                 "PATH": fullPath,
                 "POKE_GATE_PERMISSION_MODE": permissionMode.rawValue,
             ],
             uniquingKeysWith: { _, new in new }
         )
+        if let token = resolveToken() {
+            environment["POKE_API_KEY"] = token
+        }
+        proc.environment = environment
         proc.standardOutput = pipe
         proc.standardError = pipe
         proc.currentDirectoryURL = FileManager.default.homeDirectoryForCurrentUser
@@ -556,7 +560,7 @@ class GateService: ObservableObject {
     private func killOrphanedProcesses() {
         let task = Process()
         task.executableURL = URL(fileURLWithPath: "/usr/bin/pkill")
-        task.arguments = ["-f", "node.*poke-gate.*app\\.js"]
+        task.arguments = ["-f", "node .*((poke-gate.*app\\.js)|(\\.bin/poke-gate))"]
         try? task.run()
         task.waitUntilExit()
     }

package/clients/Poke macOS Gate/Poke macOS Gate.xcodeproj/project.pbxproj

@@ -286,7 +286,7 @@
 					"@executable_path/../Frameworks",
 				);
 				MACOSX_DEPLOYMENT_TARGET = 15.0;
-				MARKETING_VERSION = 0.3.1;
+				MARKETING_VERSION = 0.3.4;
 				PRODUCT_BUNDLE_IDENTIFIER = "dev.fka.Poke-macOS-Gate";
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				REGISTER_APP_GROUPS = YES;
@@ -322,7 +322,7 @@
 					"@executable_path/../Frameworks",
 				);
 				MACOSX_DEPLOYMENT_TARGET = 15.0;
-				MARKETING_VERSION = 0.3.1;
+				MARKETING_VERSION = 0.3.4;
 				PRODUCT_BUNDLE_IDENTIFIER = "dev.fka.Poke-macOS-Gate";
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				REGISTER_APP_GROUPS = YES;

package/package.json

@@ -1,10 +1,10 @@
 {
   "name": "poke-gate",
-  "version": "0.3.2",
+  "version": "0.3.5",
   "description": "Expose your machine to your Poke AI assistant via MCP tunnel",
   "type": "module",
   "bin": {
-    "poke-gate": "./bin/poke-gate.js"
+    "poke-gate": "bin/poke-gate.js"
   },
   "scripts": {
     "start": "node src/app.js",

package/src/app.js

@@ -2,7 +2,7 @@ import { startMcpServer, enableLogging, getPermissionMode } from "./mcp-server.j
 import { startTunnel } from "./tunnel.js";
 import { startAgentScheduler, stopAgentScheduler } from "./agents.js";
 import { sendToWebhook } from "./webhook.js";
-import { isLoggedIn, login, getToken } from "poke";
+import { ensurePokeAuthenticated } from "./poke-auth.js";
 import { execSync } from "node:child_process";
 
 const verbose = process.argv.includes("--verbose") || process.argv.includes("-v");
@@ -12,8 +12,28 @@ function killExistingInstances() {
   const myPid = process.pid;
   const ppid = process.ppid;
   try {
-    const out = execSync("pgrep -f 'node.*poke-gate.*app\\.js'", { encoding: "utf-8" }).trim();
-    const pids = out.split("\n").map(Number).filter((p) => p && p !== myPid && p !== ppid);
+    const out = execSync("ps -axo pid=,ppid=,command=", { encoding: "utf-8" }).trim();
+    const pids = out
+      .split("\n")
+      .map((line) => {
+        const match = line.trim().match(/^(\d+)\s+(\d+)\s+(.+)$/);
+        if (!match) return null;
+        const [, pid, parentPid, command] = match;
+        return { pid: Number(pid), parentPid: Number(parentPid), command };
+      })
+      .filter((processInfo) => {
+        if (!processInfo || processInfo.pid === myPid || processInfo.pid === ppid || processInfo.parentPid === myPid) return false;
+        return (
+          processInfo.command.includes("node ") &&
+          processInfo.command.includes("poke-gate") &&
+          (
+            processInfo.command.includes("app.js") ||
+            processInfo.command.includes(".bin/poke-gate") ||
+            processInfo.command.includes("/bin/poke-gate")
+          )
+        );
+      })
+      .map(({ pid }) => pid);
     for (const pid of pids) {
       try { process.kill(pid, "SIGTERM"); } catch {}
     }
@@ -31,17 +51,7 @@ function sleep(ms) {
 }
 
 async function ensureAuthenticated() {
-  if (!isLoggedIn()) {
-    log("Signing in to Poke...");
-    await login();
-  }
-
-  const token = getToken();
-  if (!token) {
-    throw new Error("Authentication failed: no token returned by Poke SDK.");
-  }
-
-  return token;
+  return ensurePokeAuthenticated({ onLogin: () => log("Signing in to Poke...") });
 }
 
 let currentTunnel = null;
@@ -60,6 +70,7 @@ async function connectWithRetry(mcpUrl, token) {
 
       const { tunnel } = await startTunnel({
         mcpUrl,
+        token,
         onEvent: (type, data) => {
           switch (type) {
             case "connected":

package/src/mcp-server.js

@@ -847,12 +847,29 @@ function readBody(req) {
   });
 }
 
+function writeMcpEventStream(req, res) {
+  const sessionId = extractSessionId(req);
+  res.writeHead(200, {
+    "Content-Type": "text/event-stream",
+    "Cache-Control": "no-cache, no-transform",
+    Connection: "keep-alive",
+    "Mcp-Session-Id": sessionId,
+  });
+  res.write(": connected\n\n");
+
+  const keepAlive = setInterval(() => {
+    res.write(": keepalive\n\n");
+  }, 25_000);
+
+  req.on("close", () => clearInterval(keepAlive));
+}
+
 export function startMcpServer(port = 0) {
   return new Promise((resolve, reject) => {
     const httpServer = http.createServer(async (req, res) => {
       res.setHeader("Access-Control-Allow-Origin", "*");
       res.setHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, OPTIONS");
-      res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, Mcp-Session-Id, Accept");
+      res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, Mcp-Session-Id, Accept, X-Poke-User-Id");
       res.setHeader("Access-Control-Expose-Headers", "Mcp-Session-Id");
 
       if (req.method === "OPTIONS") {
@@ -863,12 +880,27 @@ export function startMcpServer(port = 0) {
 
       const url = new URL(req.url, "http://localhost");
 
+      if (url.pathname === "/mcp" && req.method === "GET") {
+        const accept = req.headers.accept || "";
+        if (accept.includes("text/event-stream")) {
+          writeMcpEventStream(req, res);
+        } else {
+          res.writeHead(405, { "Content-Type": "text/plain", Allow: "POST, OPTIONS" });
+          res.end("MCP endpoint expects POST, or GET with Accept: text/event-stream");
+        }
+        return;
+      }
+
       if (url.pathname === "/mcp" && req.method === "POST") {
         try {
           const body = await readBody(req);
           const parsed = JSON.parse(body);
 
           const sessionId = extractSessionId(req);
+          const responseHeaders = {
+            "Content-Type": "application/json",
+            "Mcp-Session-Id": sessionId,
+          };
 
           if (Array.isArray(parsed)) {
             const results = [];
@@ -878,17 +910,17 @@ export function startMcpServer(port = 0) {
               const resolved = r instanceof Promise ? await r : r;
               if (resolved) results.push(resolved);
             }
-            res.writeHead(200, { "Content-Type": "application/json" });
+            res.writeHead(200, responseHeaders);
             res.end(JSON.stringify(results));
           } else {
             const m = { ...parsed, __context: { sessionId } };
             let result = handleJsonRpc(m);
             if (result instanceof Promise) result = await result;
             if (result) {
-              res.writeHead(200, { "Content-Type": "application/json" });
+              res.writeHead(200, responseHeaders);
               res.end(JSON.stringify(result));
             } else {
-              res.writeHead(204);
+              res.writeHead(204, { "Mcp-Session-Id": sessionId });
               res.end();
             }
           }

package/src/poke-auth.js

@@ -0,0 +1,25 @@
+import { getToken, isLoggedIn, login } from "poke";
+
+export function resolvePokeToken(options = {}) {
+  const { env = process.env } = options;
+  const loginToken = Object.hasOwn(options, "token") ? options.token : getToken();
+  return env.POKE_API_KEY || loginToken;
+}
+
+export function getPokeAuthToken() {
+  return resolvePokeToken();
+}
+
+export async function ensurePokeAuthenticated({ onLogin } = {}) {
+  if (!getPokeAuthToken() && !isLoggedIn()) {
+    onLogin?.();
+    await login();
+  }
+
+  const token = getPokeAuthToken();
+  if (!token) {
+    throw new Error("Authentication failed: no token returned by Poke SDK.");
+  }
+
+  return token;
+}

package/src/tunnel.js

@@ -1,4 +1,4 @@
-import { PokeTunnel, getToken } from "poke";
+import { PokeTunnel } from "poke";
 import { loadState, saveState } from "./webhook.js";
 
 function log(msg) {
@@ -6,8 +6,7 @@ function log(msg) {
   console.log(`[${ts}] ${msg}`);
 }
 
-async function cleanupStaleConnections() {
-  const token = getToken();
+async function cleanupStaleConnections(token) {
   if (!token) return;
   const base = process.env.POKE_API ?? "https://poke.com/api/v1";
   const state = loadState();
@@ -35,10 +34,9 @@ async function cleanupStaleConnections() {
   saveState({ webhookUrl, webhookToken });
 }
 
-export async function startTunnel({ mcpUrl, onEvent }) {
-  await cleanupStaleConnections();
+export async function startTunnel({ mcpUrl, token, onEvent }) {
+  await cleanupStaleConnections(token);
 
-  const token = getToken();
   if (!token) {
     throw new Error("No Poke auth token available for tunnel.");
   }

package/src/webhook.js

@@ -1,7 +1,8 @@
 import { readFileSync, writeFileSync, mkdirSync } from "node:fs";
 import { join } from "node:path";
 import { homedir } from "node:os";
-import { Poke, getToken } from "poke";
+import { Poke } from "poke";
+import { getPokeAuthToken } from "./poke-auth.js";
 
 const CONFIG_DIR = process.env.XDG_CONFIG_HOME || join(homedir(), ".config");
 const STATE_PATH = join(CONFIG_DIR, "poke-gate", "state.json");
@@ -25,10 +26,10 @@ export async function getWebhook() {
     return { webhookUrl: state.webhookUrl, webhookToken: state.webhookToken };
   }
 
-  const token = getToken();
+  const token = getPokeAuthToken();
   if (!token) throw new Error("No Poke auth token available.");
 
-  const poke = new Poke({ token });
+  const poke = new Poke({ apiKey: token });
   const result = await poke.createWebhook({ condition: "poke-gate", action: "poke-gate" });
 
   const webhook = { webhookUrl: result.webhookUrl, webhookToken: result.webhookToken };
@@ -38,6 +39,9 @@ export async function getWebhook() {
 
 export async function sendToWebhook(message) {
   const { webhookUrl, webhookToken } = await getWebhook();
-  const poke = new Poke({ token: getToken() });
+  const token = getPokeAuthToken();
+  if (!token) throw new Error("No Poke auth token available.");
+
+  const poke = new Poke({ apiKey: token });
   return poke.sendWebhook({ webhookUrl, webhookToken, data: { message } });
 }

package/test/mcp-server-transport.test.js

@@ -0,0 +1,70 @@
+import assert from "node:assert/strict";
+import http from "node:http";
+import test from "node:test";
+
+import { startMcpServer } from "../src/mcp-server.js";
+
+function request({ port, method = "GET", path = "/", headers = {}, body }) {
+  return new Promise((resolve, reject) => {
+    const req = http.request({ hostname: "127.0.0.1", port, method, path, headers }, (res) => {
+      let data = "";
+      res.on("data", (chunk) => {
+        data += chunk;
+        if (headers.Accept === "text/event-stream") {
+          req.destroy();
+        }
+      });
+      res.on("end", () => resolve({ res, body: data }));
+      res.on("close", () => resolve({ res, body: data }));
+    });
+    req.on("error", (error) => {
+      if (headers.Accept === "text/event-stream") return;
+      reject(error);
+    });
+    if (body) req.write(body);
+    req.end();
+  });
+}
+
+test("MCP POST responses include session id header", async () => {
+  const { httpServer, port } = await startMcpServer();
+  try {
+    const { res, body } = await request({
+      port,
+      method: "POST",
+      path: "/mcp",
+      headers: {
+        "Content-Type": "application/json",
+        "Mcp-Session-Id": "session-1",
+      },
+      body: JSON.stringify({ jsonrpc: "2.0", id: 1, method: "tools/list", params: {} }),
+    });
+
+    assert.equal(res.statusCode, 200);
+    assert.equal(res.headers["mcp-session-id"], "session-1");
+    assert.equal(JSON.parse(body).result.tools.length > 0, true);
+  } finally {
+    httpServer.close();
+  }
+});
+
+test("MCP GET supports event stream transport", async () => {
+  const { httpServer, port } = await startMcpServer();
+  try {
+    const { res, body } = await request({
+      port,
+      path: "/mcp",
+      headers: {
+        Accept: "text/event-stream",
+        "Mcp-Session-Id": "session-2",
+      },
+    });
+
+    assert.equal(res.statusCode, 200);
+    assert.equal(res.headers["content-type"], "text/event-stream");
+    assert.equal(res.headers["mcp-session-id"], "session-2");
+    assert.match(body, /: connected/);
+  } finally {
+    httpServer.close();
+  }
+});

package/test/poke-auth.test.js

@@ -0,0 +1,16 @@
+import assert from "node:assert/strict";
+import test from "node:test";
+
+import { resolvePokeToken } from "../src/poke-auth.js";
+
+test("POKE_API_KEY takes precedence over login token", () => {
+  assert.equal(resolvePokeToken({ env: { POKE_API_KEY: "from-env" }, token: "from-login" }), "from-env");
+});
+
+test("login token is used when POKE_API_KEY is not set", () => {
+  assert.equal(resolvePokeToken({ env: {}, token: "from-login" }), "from-login");
+});
+
+test("missing env and login token resolves to undefined", () => {
+  assert.equal(resolvePokeToken({ env: {}, token: undefined }), undefined);
+});