npm - polydev-ai - Versions diffs - 1.9.27 → 1.9.28 - Mend

polydev-ai 1.9.27 → 1.9.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/mcp/stdio-wrapper.js +74 -185
package/package.json +1 -1

package/mcp/stdio-wrapper.js CHANGED Viewed

@@ -155,9 +155,6 @@ if (writableTmp) {
  * Strips: provider info, approval, sandbox, reasoning, session id, MCP errors, etc.
  *
  * Codex CLI output structure:
- *   [metadata] → user → [echoed prompt] → thinking → [status] → codex → [RESPONSE] → tokens used → [count]
- *
- * Claude Code output structure:
  *   [may include JSON or plain text response]
  */
 function cleanCliResponse(content) {
@@ -1046,9 +1043,28 @@ To authenticate, pass your token directly:
         };
       }
-      // Not sandboxed — auto-trigger browser login
-      console.error('[Polydev] No token found, auto-triggering login flow...');
-      return await this.triggerReAuth(id, 'Not authenticated. Opening browser for login...');
+      // Not sandboxed — tell user to use login tool (don't auto-open browser)
+      console.error('[Polydev] No token found, prompting user to login');
+      return {
+        jsonrpc: '2.0',
+        id,
+        result: {
+          content: [{
+            type: 'text',
+            text: `POLYDEV STATUS
+==============
+Authentication: Not connected
+To login:
+  1. Use the "login" tool (opens browser)
+  2. Or run: npx polydev-ai
+Token will be saved automatically after login.`
+          }],
+          isError: true
+        }
+      };
     }
     try {
@@ -1138,9 +1154,26 @@ Configure: https://polydev.ai/dashboard/models`
           }
         };
       } else {
-        // Token invalid/expired - auto-trigger re-authentication
-        console.error('[Polydev] Auth status: token invalid/expired, auto-triggering re-auth...');
-        return await this.triggerReAuth(id, 'Token invalid or expired.');
+        // Token invalid/expired - tell user to re-login (don't auto-open browser)
+        console.error('[Polydev] Auth status: token invalid/expired');
+        return {
+          jsonrpc: '2.0',
+          id,
+          result: {
+            content: [{
+              type: 'text',
+              text: `POLYDEV STATUS
+==============
+Authentication: Token invalid or expired
+To re-authenticate:
+  1. Use the "login" tool (opens browser)
+  2. Or run: npx polydev-ai`
+            }],
+            isError: true
+          }
+        };
       }
     } catch (error) {
       // Categorize the error for clearer user messaging
@@ -1687,11 +1720,24 @@ To re-login: /polydev:login`
       heartbeat.stop(); // Always clean up heartbeat
       console.error(`[Stdio Wrapper] get_perspectives error:`, error);
-      // Check if error is auth-related
+      // Check if error is specifically an HTTP 401 unauthorized
+      // IMPORTANT: Don't match generic 'token' or 'auth' strings — they appear in
+      // unrelated errors like "Unexpected token" (JSON parse) or "authentication" (CLI output)
       const errMsg = (error.message || '').toLowerCase();
-      if (errMsg.includes('401') || errMsg.includes('unauthorized') || errMsg.includes('auth') || errMsg.includes('token')) {
-        console.error('[Polydev] Perspectives auth error, auto-triggering re-authentication...');
-        return await this.triggerReAuth(id, 'Authentication expired. Re-authenticating...');
+      const isHttp401 = errMsg.includes('401') || errMsg.includes('unauthorized');
+      if (isHttp401) {
+        console.error('[Polydev] Perspectives auth error (401), suggesting re-login');
+        return {
+          jsonrpc: '2.0',
+          id,
+          result: {
+            content: [{
+              type: 'text',
+              text: `Authentication error: ${error.message}\n\nPlease re-authenticate using the "login" tool or run: npx polydev-ai`
+            }],
+            isError: true
+          }
+        };
       }
       return {
@@ -2676,8 +2722,8 @@ To re-login: /polydev:login`
       const statusFile = path.join(polydevevDir, 'cli-status.json');
       // Ensure directory exists
-      if (!fs.existsSync(polydevevDir)) {
-        fs.mkdirSync(polydevevDir, { recursive: true });
+      if (!fs.existsSync(polydeveevDir)) {
+        fs.mkdirSync(polydeveevDir, { recursive: true });
       }
       // Save status with timestamp
@@ -3141,28 +3187,24 @@ To re-login: /polydev:login`
   }
   /**
-   * Run startup flow - auto-login if no token, verify if has token
+   * Run startup flow - verify token if present, show instructions if not
+   * NEVER auto-opens browser — only the explicit "login" tool should do that
    */
   async runStartupFlow() {
+    // Last-chance token reload before deciding
+    if (!this.userToken) {
+      this.reloadTokenFromFiles();
+    }
     if (!this.userToken) {
-      // No token - auto-open browser for login (NON-BLOCKING)
+      // No token found — just log instructions, don't open browser
       console.error('─'.repeat(50));
-      console.error('Polydev - First Time Setup');
+      console.error('Polydev - Authentication Required');
       console.error('─'.repeat(50));
-      console.error('Opening browser for authentication...\n');
-      // Run auto-login in background (don't block MCP server startup)
-      this.autoLoginOnStartup().then(() => {
-        console.error('[Polydev] Login completed, running CLI detection...');
-        // After login, run CLI detection
-        return this.localForceCliDetection({});
-      }).then(() => {
-        this._cliDetectionComplete = true;
-        // Display CLI status after detection
-        return this.displayCliStatus();
-      }).catch((error) => {
-        console.error('[Polydev] Auto-login flow error:', error.message);
-      });
+      console.error('No token found. To authenticate:');
+      console.error('  1. Use the "login" tool');
+      console.error('  2. Or run: npx polydev-ai');
+      console.error('─'.repeat(50) + '\n');
     } else {
       // Has token - verify it (also non-blocking)
       this.verifyAndDisplayAuth().catch((error) => {
@@ -3171,159 +3213,6 @@ To re-login: /polydev:login`
     }
   }
-  /**
-   * Auto-login on startup (opens browser automatically)
-   */
-  async autoLoginOnStartup() {
-    const http = require('http');
-    const { spawn } = require('child_process');
-    return new Promise((resolve) => {
-      const server = http.createServer((req, res) => {
-        const url = new URL(req.url, `http://localhost`);
-        if (req.method === 'OPTIONS') {
-          res.writeHead(204, {
-            'Access-Control-Allow-Origin': '*',
-            'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
-            'Access-Control-Allow-Headers': 'Content-Type'
-          });
-          res.end();
-          return;
-        }
-        if (url.pathname === '/callback') {
-          const token = url.searchParams.get('token');
-          if (token && token.startsWith('pd_')) {
-            this.saveTokenToFiles(token);
-            this.userToken = token;
-            this.isAuthenticated = true;
-            this._freshLogin = true; // Flag for opening models page after CLI detection
-            res.writeHead(200, {
-              'Content-Type': 'text/html; charset=utf-8',
-              'Access-Control-Allow-Origin': '*'
-            });
-            res.end(this.getLoginSuccessHTML());
-            console.error('[Polydev] Login successful, token saved');
-            // Wait 7 seconds before closing server (gives time for 5s auto-close countdown + buffer)
-            setTimeout(() => {
-              server.close();
-              resolve({
-                jsonrpc: '2.0',
-                id,
-                result: {
-                  content: [{
-                    type: 'text',
-                    text: `LOGIN SUCCESSFUL
-================
-Token saved to:
-  ~/.polydev.env
-  ~/.zshrc
-IMPORTANT: Restart your IDE to activate.
-After restart, you can:
-  /polydev:ask   Query multiple AI models
-  /polydev:auth  Check status & credits
-Dashboard: https://polydev.ai/dashboard`
-                  }]
-                }
-              });
-            }, 7000);
-          } else {
-            res.writeHead(400, { 'Content-Type': 'text/plain' });
-            res.end('Invalid or missing token');
-          }
-        } else {
-          res.writeHead(404);
-          res.end('Not found');
-        }
-      });
-      server.listen(0, 'localhost', () => {
-        const port = server.address().port;
-        const callbackUrl = `http://localhost:${port}/callback`;
-        const authUrl = `https://polydev.ai/auth?callback=${encodeURIComponent(callbackUrl)}&redirect=ide-plugin&auto=true`;
-        console.error('If browser does not open, visit:');
-        console.error(authUrl);
-        console.error('');
-        // Best-in-class browser opening using 'open' package (cross-platform)
-        // Falls back to platform-specific commands if package fails
-        this.openBrowser(authUrl).catch(() => {
-          console.error('[Polydev] All browser open methods failed');
-          console.error('[Polydev] Please open this URL manually:', authUrl);
-        });
-        // Don't block forever - resolve after timeout
-        setTimeout(() => {
-          if (!this.isAuthenticated) {
-            console.error('[!] Login timeout - use "login" tool to try again');
-            console.error('─'.repeat(50) + '\n');
-          }
-          server.close();
-          resolve(false);
-        }, 2 * 60 * 1000); // 2 minute timeout for startup
-      });
-      server.on('error', (err) => {
-        console.error('[!] Could not start login server:', err.message);
-        console.error('    Use "login" tool or run: npx polydev-ai login');
-        console.error('─'.repeat(50) + '\n');
-        resolve(false);
-      });
-    });
-  }
-  /**
-   * Verify token and display auth status
-   */
-  async verifyAndDisplayAuth() {
-    try {
-      const response = await fetch('https://www.polydev.ai/api/mcp', {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-          'Authorization': `Bearer ${this.userToken}`,
-          'User-Agent': 'polydev-mcp/1.0.0'
-        },
-        body: JSON.stringify({ action: 'check_status' })
-      });
-      if (response.ok) {
-        const data = await response.json();
-        const credits = data.credits_remaining?.toLocaleString() || 0;
-        const tier = data.subscription_tier || 'Free';
-        console.error('─'.repeat(50));
-        console.error('Polydev - Authenticated');
-        console.error('─'.repeat(50));
-        console.error(`Account: ${data.email || 'Connected'}`);
-        console.error(`Credits: ${credits} | Tier: ${tier}`);
-        console.error('─'.repeat(50) + '\n');
-      } else {
-        // Don't clear isAuthenticated here — handleGetAuthStatus has its own
-        // verification and triggerReAuth logic. Clearing here causes a race condition
-        // where startup verification can invalidate auth before the user checks status.
-        console.error('─'.repeat(50));
-        console.error('Polydev - Token may be invalid');
-        console.error('─'.repeat(50));
-        console.error('Server returned non-OK. Will re-verify on next auth check.');
-        console.error('Use the "login" tool or run: npx polydev-ai login');
-        console.error('─'.repeat(50) + '\n');
-      }
-    } catch (error) {
-      console.error('[Polydev] Could not verify auth (offline?):', error.message || 'unknown');
-    }
-  }
   /**
    * Display CLI tools status after detection
    */

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "polydev-ai",
-  "version": "1.9.27",
+  "version": "1.9.28",
   "engines": {
     "node": ">=20.x <=22.x"
   },