polydev-ai 1.9.19 → 1.9.21

package/mcp/manifest.json

@@ -98,6 +98,10 @@
             "minimum": 30,
             "maximum": 600,
             "default": 300
+          },
+          "user_token": {
+            "type": "string",
+            "description": "Polydev user token (pd_xxx). Use this in sandboxed environments (Cowork, containers) where browser login is unavailable. Get your token from https://polydev.ai/dashboard"
           }
         }
       },

package/mcp/stdio-wrapper.js

@@ -300,6 +300,9 @@ class StdioMCPWrapper {
     // Pending session file for surviving restarts
     this.PENDING_SESSION_FILE = path.join(os.homedir(), '.polydev-pending-session');
 
+    // Sandbox detection (Cowork, containers with limited disk/no browser)
+    this._isSandboxed = null; // lazy-detected
+
     // MCP client info (set during initialize handshake)
     // Used to detect which IDE is running us and exclude its CLI to avoid recursive calls
     this.clientInfo = null;
@@ -491,7 +494,18 @@ Token will be saved automatically after login.`
    */
   async handleLoginTool(params, id) {
     const crypto = require('crypto');
-    
+
+    // Accept user_token from params (essential for sandboxed environments like Cowork)
+    const inlineToken = params?.arguments?.user_token;
+    if (inlineToken && (inlineToken.startsWith('pd_') || inlineToken.startsWith('polydev_'))) {
+      console.error('[Polydev] Login via inline user_token');
+      this.userToken = inlineToken;
+      this.isAuthenticated = true;
+      process.env.POLYDEV_USER_TOKEN = inlineToken;
+      this.saveTokenToFiles(inlineToken);
+      return await this.fetchAuthStatusResponse(id);
+    }
+
     // Check if already authenticated - verify with server first
     if (this.isAuthenticated && this.userToken) {
       console.error('[Polydev] Token exists locally, verifying with server...');
@@ -525,9 +539,38 @@ To re-login: npx polydev-ai`
       this.userToken = null;
     }
     
+    // In sandboxed environments, don't try browser login — show token-paste instructions
+    if (this.isSandboxed()) {
+      console.error('[Polydev] Sandbox detected — browser login unavailable');
+      return {
+        jsonrpc: '2.0',
+        id,
+        result: {
+          content: [{
+            type: 'text',
+            text: `LOGIN - Sandboxed Environment
+==============================
+
+Browser login is not available in this environment (Cowork/container).
+
+To authenticate, use one of these methods:
+
+**Method 1: Pass token directly**
+  1. Get your token from https://polydev.ai/dashboard
+  2. Call login with user_token:
+
+     mcp__plugin_polydev_mcp__login({ user_token: "pd_your_token_here" })
+
+**Method 2: Set environment variable**
+  Set POLYDEV_USER_TOKEN=pd_your_token before starting the MCP server.`
+          }]
+        }
+      };
+    }
+
     // Generate unique session ID for polling-based auth
     const sessionId = crypto.randomBytes(32).toString('hex');
-    
+
     try {
       // Create session on server (with retry for transient network issues)
       let createResponse;
@@ -777,6 +820,28 @@ Dashboard: https://polydev.ai/dashboard`
    * @returns {object} JSON-RPC response
    */
   async triggerReAuth(id, reason = 'Token invalid or expired') {
+    // In sandboxed environments, browser login won't work — show token-paste instructions instead
+    if (this.isSandboxed()) {
+      console.error('[Polydev] Sandbox detected — skipping browser re-auth, showing token-paste instructions');
+      return {
+        jsonrpc: '2.0',
+        id,
+        result: {
+          content: [{
+            type: 'text',
+            text: `${reason}
+
+Browser login is not available in this environment (Cowork/container).
+
+To authenticate, pass your token directly:
+  1. Get your token from https://polydev.ai/dashboard
+  2. Call: mcp__plugin_polydev_mcp__get_auth_status({ user_token: "pd_your_token_here" })
+  3. Or: mcp__plugin_polydev_mcp__login({ user_token: "pd_your_token_here" })`
+          }]
+        }
+      };
+    }
+
     const crypto = require('crypto');
     const sessionId = crypto.randomBytes(32).toString('hex');
 
@@ -936,13 +1001,52 @@ Still waiting for login. Use /polydev:auth to check status after signing in.`
    * Handle get_auth_status tool - comprehensive status display
    */
   async handleGetAuthStatus(params, id) {
+    // Accept user_token from params (essential for sandboxed environments like Cowork)
+    const inlineToken = params?.arguments?.user_token;
+    if (inlineToken && (inlineToken.startsWith('pd_') || inlineToken.startsWith('polydev_'))) {
+      console.error('[Polydev] Using inline user_token from params');
+      this.userToken = inlineToken;
+      this.isAuthenticated = true;
+      process.env.POLYDEV_USER_TOKEN = inlineToken;
+      this.saveTokenToFiles(inlineToken); // safe — handles sandbox gracefully
+    }
+
     // Try to hot-reload token if not authenticated
     if (!this.isAuthenticated || !this.userToken) {
       this.reloadTokenFromFiles();
     }
-    
+
     if (!this.isAuthenticated || !this.userToken) {
-      // No token found anywhere — auto-trigger login instead of showing static message
+      // No token found — check if we're in a sandbox (Cowork, containers)
+      if (this.isSandboxed()) {
+        console.error('[Polydev] No token and sandboxed — showing token-paste instructions');
+        return {
+          jsonrpc: '2.0',
+          id,
+          result: {
+            content: [{
+              type: 'text',
+              text: `POLYDEV STATUS
+==============
+
+Authentication: Not connected (sandboxed environment detected)
+
+Browser login is not available in this environment.
+
+To authenticate, pass your token directly:
+  1. Get your token from https://polydev.ai/dashboard
+  2. Call get_auth_status with user_token parameter:
+
+     mcp__plugin_polydev_mcp__get_auth_status({ user_token: "pd_your_token_here" })
+
+  3. Or set the environment variable before starting:
+     POLYDEV_USER_TOKEN=pd_your_token_here`
+            }]
+          }
+        };
+      }
+
+      // Not sandboxed — auto-trigger browser login
       console.error('[Polydev] No token found, auto-triggering login flow...');
       return await this.triggerReAuth(id, 'Not authenticated. Opening browser for login...');
     }
@@ -1071,6 +1175,29 @@ To re-login: /polydev:login`
     }
   }
 
+  /**
+   * Detect if running in a sandboxed environment (Cowork, containers, etc.)
+   * where filesystem is read-only/limited and browser is unavailable.
+   * Result is cached after first check.
+   */
+  isSandboxed() {
+    if (this._isSandboxed !== null) return this._isSandboxed;
+
+    try {
+      // Try writing a test file to home directory
+      const testFile = path.join(os.homedir(), '.polydev-sandbox-test');
+      fs.writeFileSync(testFile, 'test');
+      fs.unlinkSync(testFile);
+      this._isSandboxed = false;
+    } catch (e) {
+      // ENOSPC, EROFS, EACCES all indicate sandbox-like constraints
+      console.error(`[Polydev] Sandbox detected: ${e.code || e.message}`);
+      this._isSandboxed = true;
+    }
+
+    return this._isSandboxed;
+  }
+
   /**
    * Open URL in browser - best-in-class cross-platform implementation
    * Uses 'open' npm package with fallbacks for reliability in MCP/stdio context
@@ -1133,27 +1260,39 @@ To re-login: /polydev:login`
    * Save token to shell config files
    */
   saveTokenToFiles(token) {
-    const shell = process.env.SHELL || '/bin/zsh';
-    const rcFile = shell.includes('zsh') ? path.join(os.homedir(), '.zshrc') :
-                   shell.includes('bash') ? path.join(os.homedir(), '.bashrc') :
-                   path.join(os.homedir(), '.profile');
+    if (this.isSandboxed()) {
+      // In sandbox, just set in-memory — can't write files
+      console.error('[Polydev] Sandbox: skipping file writes, token set in-memory only');
+      process.env.POLYDEV_USER_TOKEN = token;
+      return;
+    }
 
-    let content = '';
-    try { content = fs.readFileSync(rcFile, 'utf8'); } catch (e) {}
+    try {
+      const shell = process.env.SHELL || '/bin/zsh';
+      const rcFile = shell.includes('zsh') ? path.join(os.homedir(), '.zshrc') :
+                     shell.includes('bash') ? path.join(os.homedir(), '.bashrc') :
+                     path.join(os.homedir(), '.profile');
+
+      let content = '';
+      try { content = fs.readFileSync(rcFile, 'utf8'); } catch (e) {}
 
-    const lines = content.split('\n').filter(line =>
-      !line.trim().startsWith('export POLYDEV_USER_TOKEN') &&
-      !line.trim().startsWith('POLYDEV_USER_TOKEN')
-    );
+      const lines = content.split('\n').filter(line =>
+        !line.trim().startsWith('export POLYDEV_USER_TOKEN') &&
+        !line.trim().startsWith('POLYDEV_USER_TOKEN')
+      );
 
-    lines.push(`export POLYDEV_USER_TOKEN="${token}"`);
-    fs.writeFileSync(rcFile, lines.join('\n').replace(/\n+$/, '') + '\n');
+      lines.push(`export POLYDEV_USER_TOKEN="${token}"`);
+      fs.writeFileSync(rcFile, lines.join('\n').replace(/\n+$/, '') + '\n');
 
-    // Also save to .polydev.env
-    const envFile = path.join(os.homedir(), '.polydev.env');
-    fs.writeFileSync(envFile, `POLYDEV_USER_TOKEN="${token}"\n`);
+      // Also save to .polydev.env
+      const envFile = path.join(os.homedir(), '.polydev.env');
+      fs.writeFileSync(envFile, `POLYDEV_USER_TOKEN="${token}"\n`);
 
-    console.error(`[Polydev] Token saved to ${rcFile} and ${envFile}`);
+      console.error(`[Polydev] Token saved to ${rcFile} and ${envFile}`);
+    } catch (e) {
+      console.error(`[Polydev] Could not write token to files (${e.code || e.message}), set in-memory only`);
+      process.env.POLYDEV_USER_TOKEN = token;
+    }
   }
 
   /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "polydev-ai",
-  "version": "1.9.19",
+  "version": "1.9.21",
   "engines": {
     "node": ">=20.x <=22.x"
   },