polydev-ai 1.9.26 → 1.9.28

package/mcp/stdio-wrapper.js

@@ -155,9 +155,6 @@ if (writableTmp) {
  * Strips: provider info, approval, sandbox, reasoning, session id, MCP errors, etc.
  * 
  * Codex CLI output structure:
- *   [metadata] → user → [echoed prompt] → thinking → [status] → codex → [RESPONSE] → tokens used → [count]
- * 
- * Claude Code output structure:
  *   [may include JSON or plain text response]
  */
 function cleanCliResponse(content) {
@@ -1046,9 +1043,28 @@ To authenticate, pass your token directly:
         };
       }
 
-      // Not sandboxed — auto-trigger browser login
-      console.error('[Polydev] No token found, auto-triggering login flow...');
-      return await this.triggerReAuth(id, 'Not authenticated. Opening browser for login...');
+      // Not sandboxed — tell user to use login tool (don't auto-open browser)
+      console.error('[Polydev] No token found, prompting user to login');
+      return {
+        jsonrpc: '2.0',
+        id,
+        result: {
+          content: [{
+            type: 'text',
+            text: `POLYDEV STATUS
+==============
+
+Authentication: Not connected
+
+To login:
+  1. Use the "login" tool (opens browser)
+  2. Or run: npx polydev-ai
+
+Token will be saved automatically after login.`
+          }],
+          isError: true
+        }
+      };
     }
 
     try {
@@ -1138,9 +1154,26 @@ Configure: https://polydev.ai/dashboard/models`
           }
         };
       } else {
-        // Token invalid/expired - auto-trigger re-authentication
-        console.error('[Polydev] Auth status: token invalid/expired, auto-triggering re-auth...');
-        return await this.triggerReAuth(id, 'Token invalid or expired.');
+        // Token invalid/expired - tell user to re-login (don't auto-open browser)
+        console.error('[Polydev] Auth status: token invalid/expired');
+        return {
+          jsonrpc: '2.0',
+          id,
+          result: {
+            content: [{
+              type: 'text',
+              text: `POLYDEV STATUS
+==============
+
+Authentication: Token invalid or expired
+
+To re-authenticate:
+  1. Use the "login" tool (opens browser)
+  2. Or run: npx polydev-ai`
+            }],
+            isError: true
+          }
+        };
       }
     } catch (error) {
       // Categorize the error for clearer user messaging
@@ -1566,76 +1599,64 @@ To re-login: /polydev:login`
 </html>`;
   }
 
-  async forwardToRemoteServer(request) {
-    console.error(`[Stdio Wrapper] Forwarding request to remote server`);
-
-    try {
-      // Use AbortController for timeout if available, otherwise rely on fetch timeout
-      const controller = typeof AbortController !== 'undefined' ? new AbortController() : null;
-      const timeoutId = controller ? setTimeout(() => controller.abort(), 400000) : null; // 400s timeout
-
-      const response = await fetch('https://www.polydev.ai/api/mcp', {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-          'Authorization': `Bearer ${this.userToken}`,
-          'User-Agent': 'polydev-stdio-wrapper/1.0.0'
-        },
-        body: JSON.stringify(request),
-        ...(controller ? { signal: controller.signal } : {})
-      });
-
-      if (timeoutId) clearTimeout(timeoutId);
-
-      if (!response.ok) {
-        const errorText = await response.text();
-        console.error(`[Stdio Wrapper] Remote server error: ${response.status} - ${errorText}`);
-
-        // Handle 401 specifically - token expired/invalid, trigger re-auth
-        if (response.status === 401) {
-          console.error('[Polydev] Remote API returned 401, auto-triggering re-authentication...');
-          return await this.triggerReAuth(request.id, 'Authentication expired. Re-authenticating...');
-        }
-
-        return {
-          jsonrpc: '2.0',
-          id: request.id,
-          error: {
-            code: -32603,
-            message: `Remote server error: ${response.status} - ${errorText}`
-          }
-        };
+  /**
+   * Send an MCP progress notification to the client
+   * This is a JSON-RPC notification (no id) that compatible clients use to:
+   * 1. Display progress UI (status bar, spinners)
+   * 2. Reset their tool call timeout (if resetTimeoutOnProgress is enabled)
+   * @param {string|number} progressToken - Token from request's _meta.progressToken
+   * @param {number} progress - Current progress value (must increase monotonically)
+   * @param {number} total - Total expected progress value
+   * @param {string} message - Human-readable status message
+   */
+  sendProgressNotification(progressToken, progress, total, message) {
+    if (!progressToken) return; // Client didn't request progress
+    
+    const notification = {
+      jsonrpc: '2.0',
+      method: 'notifications/progress',
+      params: {
+        progressToken,
+        progress,
+        total,
+        message
       }
-
-      const result = await response.json();
-      console.error(`[Stdio Wrapper] Got response from remote server`);
-      return result;
-    } catch (error) {
-      console.error(`[Stdio Wrapper] Network error:`, error.message);
-      return {
-        jsonrpc: '2.0',
-        id: request.id,
-        error: {
-          code: -32603,
-          message: `Network error: ${error.message}`
-        }
-      };
+    };
+    
+    try {
+      process.stdout.write(JSON.stringify(notification) + '\n');
+      console.error(`[Polydev] Progress: ${progress}/${total} - ${message}`);
+    } catch (err) {
+      console.error(`[Polydev] Failed to send progress notification:`, err.message);
     }
   }
 
   /**
-   * Check if a tool is a CLI tool that should be handled locally
+   * Start a periodic progress heartbeat to prevent client-side timeouts.
+   * Sends a progress notification every intervalMs to signal the server is still working.
+   * Compatible MCP clients will reset their timeout clock on each notification.
+   * @param {string|number} progressToken - Token from request's _meta.progressToken
+   * @param {number} intervalMs - Heartbeat interval in milliseconds (default: 10s)
+   * @returns {{ stop: Function, tick: Function }} Controller to stop heartbeat and manually tick progress
    */
-  isCliTool(toolName) {
-    const cliTools = [
-      'force_cli_detection',
-      'get_cli_status', 
-      'send_cli_prompt',
-      'polydev.force_cli_detection',
-      'polydev.get_cli_status', 
-      'polydev.send_cli_prompt'
-    ];
-    return cliTools.includes(toolName);
+  startProgressHeartbeat(progressToken, intervalMs = 10000) {
+    if (!progressToken) return { stop: () => {}, tick: () => {} };
+    
+    let currentProgress = 0;
+    const total = 100; // Use percentage-style progress
+    
+    const interval = setInterval(() => {
+      currentProgress = Math.min(currentProgress + 5, 95); // Never reach 100 until done
+      this.sendProgressNotification(progressToken, currentProgress, total, 'Processing perspectives...');
+    }, intervalMs);
+    
+    return {
+      stop: () => clearInterval(interval),
+      tick: (progress, message) => {
+        currentProgress = progress;
+        this.sendProgressNotification(progressToken, progress, total, message);
+      }
+    };
   }
 
   /**
@@ -1644,12 +1665,30 @@ To re-login: /polydev:login`
   async handleGetPerspectivesWithCLIs(params, id) {
     console.error(`[Stdio Wrapper] Handling get_perspectives with local CLIs + remote`);
     
+    // Extract progress token from request metadata (MCP spec)
+    // Clients that want progress updates include this in _meta.progressToken
+    const progressToken = params?._meta?.progressToken;
+    if (progressToken) {
+      console.error(`[Stdio Wrapper] Client requested progress updates (token: ${progressToken})`);
+    }
+    
+    // Start periodic heartbeat to prevent client-side timeouts
+    // Sends progress notification every 10s to keep the connection alive
+    const heartbeat = this.startProgressHeartbeat(progressToken);
+    
     try {
+      // Send initial progress
+      heartbeat.tick(5, 'Initializing perspectives engine...');
+      
       // Use existing localSendCliPrompt logic which already:
       // 1. Checks all local CLIs
       // 2. Calls remote perspectives
       // 3. Combines results
-      const result = await this.localSendCliPrompt(params.arguments);
+      const result = await this.localSendCliPrompt(params.arguments, progressToken);
+
+      // Stop heartbeat before sending final response
+      heartbeat.stop();
+      heartbeat.tick(100, 'Complete');
 
       // Check if result indicates auth failure (from forwardToRemoteServer 401 handling)
       if (result?.result?.content?.[0]?.text?.includes('RE-AUTHENTICATION REQUIRED')) {
@@ -1678,13 +1717,27 @@ To re-login: /polydev:login`
       };
 
     } catch (error) {
+      heartbeat.stop(); // Always clean up heartbeat
       console.error(`[Stdio Wrapper] get_perspectives error:`, error);
       
-      // Check if error is auth-related
+      // Check if error is specifically an HTTP 401 unauthorized
+      // IMPORTANT: Don't match generic 'token' or 'auth' strings — they appear in
+      // unrelated errors like "Unexpected token" (JSON parse) or "authentication" (CLI output)
       const errMsg = (error.message || '').toLowerCase();
-      if (errMsg.includes('401') || errMsg.includes('unauthorized') || errMsg.includes('auth') || errMsg.includes('token')) {
-        console.error('[Polydev] Perspectives auth error, auto-triggering re-authentication...');
-        return await this.triggerReAuth(id, 'Authentication expired. Re-authenticating...');
+      const isHttp401 = errMsg.includes('401') || errMsg.includes('unauthorized');
+      if (isHttp401) {
+        console.error('[Polydev] Perspectives auth error (401), suggesting re-login');
+        return {
+          jsonrpc: '2.0',
+          id,
+          result: {
+            content: [{
+              type: 'text',
+              text: `Authentication error: ${error.message}\n\nPlease re-authenticate using the "login" tool or run: npx polydev-ai`
+            }],
+            isError: true
+          }
+        };
       }
       
       return {
@@ -1704,9 +1757,13 @@ To re-login: /polydev:login`
   async handleLocalCliTool(request) {
     const { method, params, id } = request;
     const { name: toolName, arguments: args } = params;
+    const progressToken = params?._meta?.progressToken;
 
     console.error(`[Stdio Wrapper] Handling local CLI tool: ${toolName}`);
 
+    // Start heartbeat for long-running CLI operations
+    const heartbeat = this.startProgressHeartbeat(progressToken);
+
     try {
       let result;
 
@@ -1723,13 +1780,14 @@ To re-login: /polydev:login`
         
         case 'send_cli_prompt':
         case 'polydev.send_cli_prompt':
-          result = await this.localSendCliPrompt(args);
+          result = await this.localSendCliPrompt(args, progressToken);
           break;
         
         default:
           throw new Error(`Unknown CLI tool: ${toolName}`);
       }
 
+      heartbeat.stop();
       return {
         jsonrpc: '2.0',
         id,
@@ -1745,6 +1803,7 @@ To re-login: /polydev:login`
 
     } catch (error) {
       console.error(`[Stdio Wrapper] CLI tool error:`, error);
+      heartbeat.stop();
       return {
         jsonrpc: '2.0',
         id,
@@ -1885,7 +1944,7 @@ To re-login: /polydev:login`
    * Respects user's perspectives_per_message setting for total perspectives
    * Uses allProviders from dashboard - tries CLI first, falls back to API
    */
-  async localSendCliPrompt(args) {
+  async localSendCliPrompt(args, progressToken) {
     console.error(`[Stdio Wrapper] Local CLI prompt sending with perspectives`);
     
     try {
@@ -1912,6 +1971,8 @@ To re-login: /polydev:login`
       } catch (prefError) {
         console.error('[Stdio Wrapper] Model preferences fetch failed (will use CLI defaults):', prefError.message);
       }
+      
+      this.sendProgressNotification(progressToken, 15, 100, 'Loaded model preferences');
 
       // Get the user's perspectives_per_message setting (default 2)
       const maxPerspectives = this.perspectivesPerMessage || 2;
@@ -1920,14 +1981,11 @@ To re-login: /polydev:login`
       let localResults = [];
 
       if (provider_id) {
-        // Specific provider requested - use only that one
+        // Single provider requested - use only that one
         console.error(`[Stdio Wrapper] Using specific provider: ${provider_id}`);
         const model = modelPreferences[provider_id] || null;
-        if (model) {
-          console.error(`[Stdio Wrapper] Using user's preferred model for ${provider_id}: ${model}`);
-        } else {
-          console.error(`[Stdio Wrapper] No model preference for ${provider_id}, using CLI default`);
-        }
+        console.error(`[Stdio Wrapper] Using user's preferred model for ${provider_id}: ${model}`);
+        this.sendProgressNotification(progressToken, 20, 100, `Querying ${provider_id}...`);
         const result = await this.cliManager.sendCliPrompt(provider_id, prompt, mode, gracefulTimeout, model);
         localResults = [{ provider_id, ...result }];
       } else {
@@ -1939,6 +1997,7 @@ To re-login: /polydev:login`
         // Get available CLIs for checking
         const { available: availableClis } = await this.getAllAvailableProviders();
         console.error(`[Stdio Wrapper] Available CLIs: ${availableClis.join(', ') || 'none'}`);
+        this.sendProgressNotification(progressToken, 25, 100, `Found ${availableClis.length} CLIs: ${availableClis.join(', ') || 'none'}`);
         
         // Get all providers from dashboard (user's configured providers + CLI-only)
         const allProviders = this.allProviders || [];
@@ -1983,7 +2042,7 @@ To re-login: /polydev:login`
         for (const cliId of cliPriorityOrder) {
           if (!availableClis.includes(cliId)) continue;
           if (cliId === excludedCli) {
-            console.error(`[Stdio Wrapper] [CLI-FIRST] Skipping ${cliId} (same as current IDE — would cause recursive call)`);
+            console.error(`[Stdio Wrapper] [CLI-FIRST] Skipping ${excludedCli} (same as current IDE — would cause recursive call)`);
             continue;
           }
           
@@ -2041,6 +2100,7 @@ To re-login: /polydev:login`
         // Run ALL CLI prompts concurrently with fast-collect pattern
         // Resolves once we have maxPerspectives successes OR all complete
         if (cliProviderEntries.length > 0) {
+          this.sendProgressNotification(progressToken, 30, 100, `Querying ${cliProviderEntries.length} CLIs in parallel...`);
           const cliPromises = cliProviderEntries.map(async (providerEntry) => {
             try {
               // ONLY use the model from providerEntry (which is filtered to user's own API keys, not credits)
@@ -2094,6 +2154,7 @@ To re-login: /polydev:login`
           // Fast-collect: resolve early once we have maxPerspectives successes OR all complete
           localResults = await this.collectFirstNSuccesses(cliPromises, maxPerspectives);
           console.error(`[Stdio Wrapper] Fast-collect: got ${localResults.filter(r => r.success).length} successful, ${localResults.filter(r => !r.success).length} failed out of ${cliPromises.length} CLIs`);
+          this.sendProgressNotification(progressToken, 55, 100, `Got ${localResults.filter(r => r.success).length} CLI responses`);
         }
         
         // Store API-only providers info for remote API call
@@ -2116,6 +2177,7 @@ To re-login: /polydev:login`
       // Get remote perspectives for API-only providers and failed CLIs
       let perspectivesResult;
       if (remainingPerspectives > 0) {
+        this.sendProgressNotification(progressToken, 65, 100, `Fetching ${remainingPerspectives} more perspectives from API...`);
         console.error(`[Stdio Wrapper] Calling remote API for ${remainingPerspectives} more perspectives (have ${successfulLocalCount}/${maxPerspectives})`);
         
         // Pass API-only provider info to help remote API choose correct models
@@ -2155,6 +2217,7 @@ To re-login: /polydev:login`
       }
 
       // Combine all results
+      this.sendProgressNotification(progressToken, 90, 100, 'Combining all perspectives...');
       return this.combineAllCliAndPerspectives(localResults, perspectivesResult, args);
 
     } catch (error) {
@@ -2462,7 +2525,7 @@ To re-login: /polydev:login`
             user_token: this.userToken,
             // Exclude providers that succeeded locally
             exclude_providers: excludeProviders,
-            // NEW: Specific providers to request (from API-only list)
+            // NEW: Specific providers to request (from API-only providers)
             request_providers: requestProviders.length > 0 ? requestProviders : undefined,
             // Pass CLI responses for dashboard logging
             cli_responses: cliResponses,
@@ -2659,8 +2722,8 @@ To re-login: /polydev:login`
       const statusFile = path.join(polydevevDir, 'cli-status.json');
 
       // Ensure directory exists
-      if (!fs.existsSync(polydevevDir)) {
-        fs.mkdirSync(polydevevDir, { recursive: true });
+      if (!fs.existsSync(polydeveevDir)) {
+        fs.mkdirSync(polydeveevDir, { recursive: true });
       }
 
       // Save status with timestamp
@@ -2849,11 +2912,11 @@ To re-login: /polydev:login`
     try {
       const homeDir = require('os').homedir();
       const polydevevDir = path.join(homeDir, '.polydev');
-      const usageFile = path.join(polydevevDir, 'cli-usage.json');
+      const usageFile = path.join(polydeveevDir, 'cli-usage.json');
 
       // Ensure directory exists
-      if (!fs.existsSync(polydevevDir)) {
-        fs.mkdirSync(polydevevDir, { recursive: true });
+      if (!fs.existsSync(polydeveevDir)) {
+        fs.mkdirSync(polydeveevDir, { recursive: true });
       }
 
       // Add new usage record
@@ -2963,7 +3026,7 @@ To re-login: /polydev:login`
         this.userModelPreferences = result.modelPreferences;
         this.modelPreferencesCacheTime = Date.now();
         
-        // Also cache perspectives_per_message setting (default 2)
+        // Also cache perspectivesPerMessage setting (default 2)
         this.perspectivesPerMessage = result.perspectivesPerMessage || 2;
         
         // Cache provider order from user's dashboard (respects display_order)
@@ -3124,27 +3187,24 @@ To re-login: /polydev:login`
   }
 
   /**
-   * Run startup flow - auto-login if no token, verify if has token
+   * Run startup flow - verify token if present, show instructions if not
+   * NEVER auto-opens browser — only the explicit "login" tool should do that
    */
   async runStartupFlow() {
+    // Last-chance token reload before deciding
     if (!this.userToken) {
-      // No token - auto-open browser for login (NON-BLOCKING)
+      this.reloadTokenFromFiles();
+    }
+    
+    if (!this.userToken) {
+      // No token found — just log instructions, don't open browser
       console.error('─'.repeat(50));
-      console.error('Polydev - First Time Setup');
+      console.error('Polydev - Authentication Required');
       console.error('─'.repeat(50));
-      console.error('Opening browser for authentication...\n');
-      
-      // Run auto-login in background (don't block MCP server startup)
-      this.autoLoginOnStartup().then(() => {
-        console.error('[Polydev] Login completed, running CLI detection...');
-        // After login, run CLI detection
-        return this.localForceCliDetection({});
-      }).then(() => {
-        this._cliDetectionComplete = true;
-        return this.displayCliStatus();
-      }).catch((error) => {
-        console.error('[Polydev] Auto-login flow error:', error.message);
-      });
+      console.error('No token found. To authenticate:');
+      console.error('  1. Use the "login" tool');
+      console.error('  2. Or run: npx polydev-ai');
+      console.error('─'.repeat(50) + '\n');
     } else {
       // Has token - verify it (also non-blocking)
       this.verifyAndDisplayAuth().catch((error) => {
@@ -3153,159 +3213,6 @@ To re-login: /polydev:login`
     }
   }
 
-  /**
-   * Auto-login on startup (opens browser automatically)
-   */
-  async autoLoginOnStartup() {
-    const http = require('http');
-    const { spawn } = require('child_process');
-
-    return new Promise((resolve) => {
-      const server = http.createServer((req, res) => {
-        const url = new URL(req.url, `http://localhost`);
-
-        if (req.method === 'OPTIONS') {
-          res.writeHead(204, {
-            'Access-Control-Allow-Origin': '*',
-            'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
-            'Access-Control-Allow-Headers': 'Content-Type'
-          });
-          res.end();
-          return;
-        }
-
-        if (url.pathname === '/callback') {
-          const token = url.searchParams.get('token');
-
-          if (token && token.startsWith('pd_')) {
-            this.saveTokenToFiles(token);
-            this.userToken = token;
-            this.isAuthenticated = true;
-            this._freshLogin = true; // Flag for opening models page after CLI detection
-
-            res.writeHead(200, {
-              'Content-Type': 'text/html; charset=utf-8',
-              'Access-Control-Allow-Origin': '*'
-            });
-            res.end(this.getLoginSuccessHTML());
-
-            console.error('[Polydev] Login successful, token saved');
-
-            // Wait 7 seconds before closing server (gives time for 5s auto-close countdown + buffer)
-            setTimeout(() => {
-              server.close();
-              resolve({
-                jsonrpc: '2.0',
-                id,
-                result: {
-                  content: [{
-                    type: 'text',
-                    text: `LOGIN SUCCESSFUL
-================
-
-Token saved to:
-  ~/.polydev.env
-  ~/.zshrc
-
-IMPORTANT: Restart your IDE to activate.
-
-After restart, you can:
-  /polydev:ask   Query multiple AI models
-  /polydev:auth  Check status & credits
-
-Dashboard: https://polydev.ai/dashboard`
-                  }]
-                }
-              });
-            }, 7000);
-          } else {
-            res.writeHead(400, { 'Content-Type': 'text/plain' });
-            res.end('Invalid or missing token');
-          }
-        } else {
-          res.writeHead(404);
-          res.end('Not found');
-        }
-      });
-
-      server.listen(0, 'localhost', () => {
-        const port = server.address().port;
-        const callbackUrl = `http://localhost:${port}/callback`;
-        const authUrl = `https://polydev.ai/auth?callback=${encodeURIComponent(callbackUrl)}&redirect=ide-plugin&auto=true`;
-
-        console.error('If browser does not open, visit:');
-        console.error(authUrl);
-        console.error('');
-
-        // Best-in-class browser opening using 'open' package (cross-platform)
-        // Falls back to platform-specific commands if package fails
-        this.openBrowser(authUrl).catch(() => {
-          console.error('[Polydev] All browser open methods failed');
-          console.error('[Polydev] Please open this URL manually:', authUrl);
-        });
-
-        // Don't block forever - resolve after timeout
-        setTimeout(() => {
-          if (!this.isAuthenticated) {
-            console.error('[!] Login timeout - use "login" tool to try again');
-            console.error('─'.repeat(50) + '\n');
-          }
-          server.close();
-          resolve(false);
-        }, 2 * 60 * 1000); // 2 minute timeout for startup
-      });
-
-      server.on('error', (err) => {
-        console.error('[!] Could not start login server:', err.message);
-        console.error('    Use "login" tool or run: npx polydev-ai login');
-        console.error('─'.repeat(50) + '\n');
-        resolve(false);
-      });
-    });
-  }
-
-  /**
-   * Verify token and display auth status
-   */
-  async verifyAndDisplayAuth() {
-    try {
-      const response = await fetch('https://www.polydev.ai/api/mcp', {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-          'Authorization': `Bearer ${this.userToken}`,
-          'User-Agent': 'polydev-mcp/1.0.0'
-        },
-        body: JSON.stringify({ action: 'check_status' })
-      });
-
-      if (response.ok) {
-        const data = await response.json();
-        const credits = data.credits_remaining?.toLocaleString() || 0;
-        const tier = data.subscription_tier || 'Free';
-        
-        console.error('─'.repeat(50));
-        console.error('Polydev - Authenticated');
-        console.error('─'.repeat(50));
-        console.error(`Account: ${data.email || 'Connected'}`);
-        console.error(`Credits: ${credits} | Tier: ${tier}`);
-        console.error('─'.repeat(50) + '\n');
-      } else {
-        // Don't clear isAuthenticated here — handleGetAuthStatus has its own
-        // verification and triggerReAuth logic. Clearing here causes a race condition
-        // where startup verification can invalidate auth before the user checks status.
-        console.error('─'.repeat(50));
-        console.error('Polydev - Token may be invalid');
-        console.error('─'.repeat(50));
-        console.error('Server returned non-OK. Will re-verify on next auth check.');
-        console.error('Use the "login" tool or run: npx polydev-ai login');
-        console.error('─'.repeat(50) + '\n');
-      }
-    } catch (error) {
-      console.error('[Polydev] Could not verify auth (offline?):', error.message || 'unknown');
-    }
-  }
-
   /**
    * Display CLI tools status after detection
    */

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "polydev-ai",
-  "version": "1.9.26",
+  "version": "1.9.28",
   "engines": {
     "node": ">=20.x <=22.x"
   },