polydev-ai 1.9.18 → 1.9.20

package/mcp/manifest.json

@@ -98,6 +98,10 @@
             "minimum": 30,
             "maximum": 600,
             "default": 300
+          },
+          "user_token": {
+            "type": "string",
+            "description": "Polydev user token (pd_xxx). Use this in sandboxed environments (Cowork, containers) where browser login is unavailable. Get your token from https://polydev.ai/dashboard"
           }
         }
       },

package/mcp/stdio-wrapper.js

@@ -300,6 +300,9 @@ class StdioMCPWrapper {
     // Pending session file for surviving restarts
     this.PENDING_SESSION_FILE = path.join(os.homedir(), '.polydev-pending-session');
 
+    // Sandbox detection (Cowork, containers with limited disk/no browser)
+    this._isSandboxed = null; // lazy-detected
+
     // MCP client info (set during initialize handshake)
     // Used to detect which IDE is running us and exclude its CLI to avoid recursive calls
     this.clientInfo = null;
@@ -491,7 +494,18 @@ Token will be saved automatically after login.`
    */
   async handleLoginTool(params, id) {
     const crypto = require('crypto');
-    
+
+    // Accept user_token from params (essential for sandboxed environments like Cowork)
+    const inlineToken = params?.arguments?.user_token;
+    if (inlineToken && (inlineToken.startsWith('pd_') || inlineToken.startsWith('polydev_'))) {
+      console.error('[Polydev] Login via inline user_token');
+      this.userToken = inlineToken;
+      this.isAuthenticated = true;
+      process.env.POLYDEV_USER_TOKEN = inlineToken;
+      this.saveTokenToFiles(inlineToken);
+      return await this.fetchAuthStatusResponse(id);
+    }
+
     // Check if already authenticated - verify with server first
     if (this.isAuthenticated && this.userToken) {
       console.error('[Polydev] Token exists locally, verifying with server...');
@@ -525,9 +539,38 @@ To re-login: npx polydev-ai`
       this.userToken = null;
     }
     
+    // In sandboxed environments, don't try browser login — show token-paste instructions
+    if (this.isSandboxed()) {
+      console.error('[Polydev] Sandbox detected — browser login unavailable');
+      return {
+        jsonrpc: '2.0',
+        id,
+        result: {
+          content: [{
+            type: 'text',
+            text: `LOGIN - Sandboxed Environment
+==============================
+
+Browser login is not available in this environment (Cowork/container).
+
+To authenticate, use one of these methods:
+
+**Method 1: Pass token directly**
+  1. Get your token from https://polydev.ai/dashboard
+  2. Call login with user_token:
+
+     mcp__plugin_polydev_mcp__login({ user_token: "pd_your_token_here" })
+
+**Method 2: Set environment variable**
+  Set POLYDEV_USER_TOKEN=pd_your_token before starting the MCP server.`
+          }]
+        }
+      };
+    }
+
     // Generate unique session ID for polling-based auth
     const sessionId = crypto.randomBytes(32).toString('hex');
-    
+
     try {
       // Create session on server (with retry for transient network issues)
       let createResponse;
@@ -845,14 +888,16 @@ Still waiting for login. Use /polydev:auth to check status after signing in.`
         }
       };
     } catch (error) {
-      const cause = error.cause ? ` (${error.cause.code || error.cause.message || error.cause})` : '';
+      const errCode = error.cause?.code || error.code || '';
+      const cause = errCode ? ` (${errCode})` : (error.cause?.message ? ` (${error.cause.message})` : '');
+      console.error(`[Polydev] Re-auth failed: ${error.message}${cause}`);
       return {
         jsonrpc: '2.0',
         id,
         result: {
           content: [{
             type: 'text',
-            text: `${reason}\n\nCould not reach server: ${error.message}${cause}\nPlease run: npx polydev-ai`
+            text: `${reason}\n\nCould not reach Polydev server: ${error.message}${cause}\n\nTroubleshooting:\n  1. Check your internet connection\n  2. Try: /polydev:login\n  3. Or run in terminal: npx polydev-ai`
           }],
           isError: true
         }
@@ -934,31 +979,54 @@ Still waiting for login. Use /polydev:auth to check status after signing in.`
    * Handle get_auth_status tool - comprehensive status display
    */
   async handleGetAuthStatus(params, id) {
+    // Accept user_token from params (essential for sandboxed environments like Cowork)
+    const inlineToken = params?.arguments?.user_token;
+    if (inlineToken && (inlineToken.startsWith('pd_') || inlineToken.startsWith('polydev_'))) {
+      console.error('[Polydev] Using inline user_token from params');
+      this.userToken = inlineToken;
+      this.isAuthenticated = true;
+      process.env.POLYDEV_USER_TOKEN = inlineToken;
+      this.saveTokenToFiles(inlineToken); // safe — handles sandbox gracefully
+    }
+
     // Try to hot-reload token if not authenticated
     if (!this.isAuthenticated || !this.userToken) {
       this.reloadTokenFromFiles();
     }
-    
+
     if (!this.isAuthenticated || !this.userToken) {
-      return {
-        jsonrpc: '2.0',
-        id,
-        result: {
-          content: [{
-            type: 'text',
-            text: `POLYDEV STATUS
+      // No token found — check if we're in a sandbox (Cowork, containers)
+      if (this.isSandboxed()) {
+        console.error('[Polydev] No token and sandboxed — showing token-paste instructions');
+        return {
+          jsonrpc: '2.0',
+          id,
+          result: {
+            content: [{
+              type: 'text',
+              text: `POLYDEV STATUS
 ==============
 
-Authentication: Not connected
+Authentication: Not connected (sandboxed environment detected)
 
-To login:
-  1. Use the "login" tool (opens browser)
-  2. Or run: npx polydev-ai
+Browser login is not available in this environment.
 
-Token will be saved automatically after login.`
-          }]
-        }
-      };
+To authenticate, pass your token directly:
+  1. Get your token from https://polydev.ai/dashboard
+  2. Call get_auth_status with user_token parameter:
+
+     mcp__plugin_polydev_mcp__get_auth_status({ user_token: "pd_your_token_here" })
+
+  3. Or set the environment variable before starting:
+     POLYDEV_USER_TOKEN=pd_your_token_here`
+            }]
+          }
+        };
+      }
+
+      // Not sandboxed — auto-trigger browser login
+      console.error('[Polydev] No token found, auto-triggering login flow...');
+      return await this.triggerReAuth(id, 'Not authenticated. Opening browser for login...');
     }
 
     try {
@@ -1053,6 +1121,16 @@ Configure: https://polydev.ai/dashboard/models`
         return await this.triggerReAuth(id, 'Token invalid or expired.');
       }
     } catch (error) {
+      // Categorize the error for clearer user messaging
+      const errCode = error.cause?.code || error.code || '';
+      const isNetwork = ['ECONNREFUSED', 'ENOTFOUND', 'ETIMEDOUT', 'ECONNRESET', 'UND_ERR_CONNECT_TIMEOUT', 'FETCH_ERROR'].includes(errCode)
+        || error.message?.includes('fetch') || error.message?.includes('network');
+      const errorDetail = isNetwork
+        ? `Network error: ${error.message}${errCode ? ` (${errCode})` : ''}\nCheck your internet connection and try again.`
+        : `Error: ${error.message}${errCode ? ` (${errCode})` : ''}`;
+
+      console.error(`[Polydev] Auth status check failed: ${error.message} (code: ${errCode})`);
+
       return {
         jsonrpc: '2.0',
         id,
@@ -1062,9 +1140,12 @@ Configure: https://polydev.ai/dashboard/models`
             text: `POLYDEV STATUS
 ==============
 
-Could not verify status (offline?)
+Could not verify authentication status.
+
+${errorDetail}
 
-Error: ${error.message}`
+To retry: /polydev:auth
+To re-login: /polydev:login`
           }],
           isError: true
         }
@@ -1072,6 +1153,29 @@ Error: ${error.message}`
     }
   }
 
+  /**
+   * Detect if running in a sandboxed environment (Cowork, containers, etc.)
+   * where filesystem is read-only/limited and browser is unavailable.
+   * Result is cached after first check.
+   */
+  isSandboxed() {
+    if (this._isSandboxed !== null) return this._isSandboxed;
+
+    try {
+      // Try writing a test file to home directory
+      const testFile = path.join(os.homedir(), '.polydev-sandbox-test');
+      fs.writeFileSync(testFile, 'test');
+      fs.unlinkSync(testFile);
+      this._isSandboxed = false;
+    } catch (e) {
+      // ENOSPC, EROFS, EACCES all indicate sandbox-like constraints
+      console.error(`[Polydev] Sandbox detected: ${e.code || e.message}`);
+      this._isSandboxed = true;
+    }
+
+    return this._isSandboxed;
+  }
+
   /**
    * Open URL in browser - best-in-class cross-platform implementation
    * Uses 'open' npm package with fallbacks for reliability in MCP/stdio context
@@ -1134,27 +1238,39 @@ Error: ${error.message}`
    * Save token to shell config files
    */
   saveTokenToFiles(token) {
-    const shell = process.env.SHELL || '/bin/zsh';
-    const rcFile = shell.includes('zsh') ? path.join(os.homedir(), '.zshrc') :
-                   shell.includes('bash') ? path.join(os.homedir(), '.bashrc') :
-                   path.join(os.homedir(), '.profile');
+    if (this.isSandboxed()) {
+      // In sandbox, just set in-memory — can't write files
+      console.error('[Polydev] Sandbox: skipping file writes, token set in-memory only');
+      process.env.POLYDEV_USER_TOKEN = token;
+      return;
+    }
 
-    let content = '';
-    try { content = fs.readFileSync(rcFile, 'utf8'); } catch (e) {}
+    try {
+      const shell = process.env.SHELL || '/bin/zsh';
+      const rcFile = shell.includes('zsh') ? path.join(os.homedir(), '.zshrc') :
+                     shell.includes('bash') ? path.join(os.homedir(), '.bashrc') :
+                     path.join(os.homedir(), '.profile');
+
+      let content = '';
+      try { content = fs.readFileSync(rcFile, 'utf8'); } catch (e) {}
 
-    const lines = content.split('\n').filter(line =>
-      !line.trim().startsWith('export POLYDEV_USER_TOKEN') &&
-      !line.trim().startsWith('POLYDEV_USER_TOKEN')
-    );
+      const lines = content.split('\n').filter(line =>
+        !line.trim().startsWith('export POLYDEV_USER_TOKEN') &&
+        !line.trim().startsWith('POLYDEV_USER_TOKEN')
+      );
 
-    lines.push(`export POLYDEV_USER_TOKEN="${token}"`);
-    fs.writeFileSync(rcFile, lines.join('\n').replace(/\n+$/, '') + '\n');
+      lines.push(`export POLYDEV_USER_TOKEN="${token}"`);
+      fs.writeFileSync(rcFile, lines.join('\n').replace(/\n+$/, '') + '\n');
 
-    // Also save to .polydev.env
-    const envFile = path.join(os.homedir(), '.polydev.env');
-    fs.writeFileSync(envFile, `POLYDEV_USER_TOKEN="${token}"\n`);
+      // Also save to .polydev.env
+      const envFile = path.join(os.homedir(), '.polydev.env');
+      fs.writeFileSync(envFile, `POLYDEV_USER_TOKEN="${token}"\n`);
 
-    console.error(`[Polydev] Token saved to ${rcFile} and ${envFile}`);
+      console.error(`[Polydev] Token saved to ${rcFile} and ${envFile}`);
+    } catch (e) {
+      console.error(`[Polydev] Could not write token to files (${e.code || e.message}), set in-memory only`);
+      process.env.POLYDEV_USER_TOKEN = token;
+    }
   }
 
   /**
@@ -1831,7 +1947,7 @@ Error: ${error.message}`
         // Detect if we should exclude the current IDE's CLI to avoid recursive calls
         const excludedCli = this.getExcludedCliForCurrentIDE();
         if (excludedCli) {
-          console.error(`[Stdio Wrapper] Excluding CLI '${excludedCli}' (current IDE: ${this.clientInfo?.name}) to avoid recursive calls`);
+          console.error(`[Stdio Wrapper] [CLI-FIRST] Skipping ${excludedCli} (same as current IDE — would cause recursive call)`);
         }
 
         // Build merged provider list: CLIs first, then API-only
@@ -1901,7 +2017,7 @@ Error: ${error.message}`
         console.error(`[Stdio Wrapper] Provider breakdown: CLI=${cliProviderEntries.map(p => p.cliId).join(', ') || 'none'}, API-only=${apiOnlyProviders.map(p => p.provider).join(', ') || 'none'}`);
         
         // Run ALL CLI prompts concurrently with fast-collect pattern
-        // Resolves once we have maxPerspectives successes (don't wait for slow CLIs)
+        // Resolves once we have maxPerspectives successes OR all complete
         if (cliProviderEntries.length > 0) {
           const cliPromises = cliProviderEntries.map(async (providerEntry) => {
             try {
@@ -1953,7 +2069,7 @@ Error: ${error.message}`
             }
           });
           
-          // Fast-collect: resolve once we have maxPerspectives successes OR all complete
+          // Fast-collect: resolve early once we have maxPerspectives successes OR all complete
           localResults = await this.collectFirstNSuccesses(cliPromises, maxPerspectives);
           console.error(`[Stdio Wrapper] Fast-collect: got ${localResults.filter(r => r.success).length} successful, ${localResults.filter(r => !r.success).length} failed out of ${cliPromises.length} CLIs`);
         }
@@ -2664,7 +2780,7 @@ Error: ${error.message}`
         const staleProviders = [];
         for (const [providerId, status] of Object.entries(currentStatus)) {
           if (this.isStale(status)) {
-            const minutesOld = Math.floor((new Date().getTime() - new Date(status.last_checked).getTime()) / (1000 * 60));
+            const minutesOld = Math.floor((now.getTime() - lastChecked.getTime()) / (1000 * 60));
             const timeout = this.getSmartTimeout(status);
             staleProviders.push({ providerId, minutesOld, timeout });
           }
@@ -3153,16 +3269,18 @@ Dashboard: https://polydev.ai/dashboard`
         console.error(`Credits: ${credits} | Tier: ${tier}`);
         console.error('─'.repeat(50) + '\n');
       } else {
-        this.isAuthenticated = false;
+        // Don't clear isAuthenticated here — handleGetAuthStatus has its own
+        // verification and triggerReAuth logic. Clearing here causes a race condition
+        // where startup verification can invalidate auth before the user checks status.
         console.error('─'.repeat(50));
-        console.error('Polydev - Token Invalid');
+        console.error('Polydev - Token may be invalid');
         console.error('─'.repeat(50));
-        console.error('Your token may have expired.');
+        console.error('Server returned non-OK. Will re-verify on next auth check.');
         console.error('Use the "login" tool or run: npx polydev-ai login');
         console.error('─'.repeat(50) + '\n');
       }
     } catch (error) {
-      console.error('[Polydev] Could not verify auth (offline?)');
+      console.error('[Polydev] Could not verify auth (offline?):', error.message || 'unknown');
     }
   }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "polydev-ai",
-  "version": "1.9.18",
+  "version": "1.9.20",
   "engines": {
     "node": ">=20.x <=22.x"
   },