ponch-mcp-server 1.0.73 → 1.0.75

package/dist/index.js

@@ -3129,7 +3129,38 @@ var MartinContractSchema = import_zod28.z.object({
   extractChanges: ExtractChangesSchema.optional(),
   // Governance
   quotasConsumed: import_zod28.z.array(import_zod28.z.string()),
-  requiredRoles: import_zod28.z.array(import_zod28.z.string()).min(1),
+  // ── PermissionScope (HITO 6 A6) ────────────────────────────
+  // Cada contract declara EXPLÍCITAMENTE su scope de acceso.
+  // Sin paths legacy. Sin opcionales. Un solo modelo.
+  //
+  //   'module' — Tool de un módulo del negocio (marketing, compras, etc.)
+  //              Requiere permissionKey + permissionAction. El wrapper
+  //              consulta permisosPorModulo del rol del usuario.
+  //
+  //   'self'   — Tool sobre datos del propio usuario (memorias, rutinas
+  //              personales con Martin). El wrapper solo verifica que
+  //              el usuario esté logueado en el tenant. El helper
+  //              individual valida que el doc pertenezca al uid del
+  //              usuario (doc.uid === ctx.user.uid).
+  //
+  //   'saas'   — Tool del admin del SaaS (deleteTenant, suspendTenant).
+  //              Solo super_admin pasa. Validación tenant-ownership la
+  //              hace el helper internamente.
+  permissionScope: import_zod28.z.enum(["module", "self", "saas"]),
+  /**
+   * Key del módulo. Solo si scope === 'module'.
+   * Ejemplos: 'marketing', 'mural', 'analytics', 'compras'.
+   * Coincide con keys que el sistema ya usa en
+   * `configuracion/{tenantId}_roles.{roleId}.permisosPorModulo`.
+   */
+  permissionKey: import_zod28.z.string().min(1).optional(),
+  /**
+   * Nivel mínimo requerido. Solo si scope === 'module'.
+   * - 'ver'      → lectura
+   * - 'editar'   → mutación reversible
+   * - 'completo' → destructivos / publicación externa
+   */
+  permissionAction: import_zod28.z.enum(["ver", "editar", "completo"]).optional(),
   sideEffects: import_zod28.z.array(SideEffectEnum),
   // Disabled state declaration (HITO 6).
   // Si el helper PUEDE retornar { disabled: true, code }, el author
@@ -3174,6 +3205,37 @@ var MartinContractSchema = import_zod28.z.object({
       path: ["requiresConfirmation"]
     });
   }
+  if (contract.permissionScope === "module") {
+    if (!contract.permissionKey) {
+      ctx.addIssue({
+        code: "custom",
+        message: `Contract "${contract.name}" scope='module' requiere permissionKey.`,
+        path: ["permissionKey"]
+      });
+    }
+    if (!contract.permissionAction) {
+      ctx.addIssue({
+        code: "custom",
+        message: `Contract "${contract.name}" scope='module' requiere permissionAction.`,
+        path: ["permissionAction"]
+      });
+    }
+  } else {
+    if (contract.permissionKey) {
+      ctx.addIssue({
+        code: "custom",
+        message: `Contract "${contract.name}" scope='${contract.permissionScope}' no debe declarar permissionKey (solo aplica a scope='module').`,
+        path: ["permissionKey"]
+      });
+    }
+    if (contract.permissionAction) {
+      ctx.addIssue({
+        code: "custom",
+        message: `Contract "${contract.name}" scope='${contract.permissionScope}' no debe declarar permissionAction (solo aplica a scope='module').`,
+        path: ["permissionAction"]
+      });
+    }
+  }
 });
 var ParamsSchema = import_zod27.z.object({
   tenantId: import_zod27.z.string().min(1),
@@ -3224,7 +3286,9 @@ var rawContract = {
     after: output.ok ? { plan: input.plan } : null
   }),
   quotasConsumed: [],
-  requiredRoles: ["admin", "encargado"],
+  permissionScope: "module",
+  permissionKey: "marketing",
+  permissionAction: "editar",
   sideEffects: ["writes_firestore", "updates_brand_config"]
 };
 var planWriterSaveContract = MartinContractSchema.parse(
@@ -3798,7 +3862,9 @@ var rawContract2 = {
     } : null
   }),
   quotasConsumed: [],
-  requiredRoles: ["admin", "encargado"],
+  permissionScope: "module",
+  permissionKey: "marketing",
+  permissionAction: "editar",
   sideEffects: ["writes_firestore", "updates_calendar_slot"]
 };
 var calendarSlotUpdaterContract = MartinContractSchema.parse(
@@ -3856,7 +3922,9 @@ var rawContract3 = {
   // AUDITA SIEMPRE — regla A5. Lectura no muta, changes son null/null.
   auditAction: "marketing.calendario.leer",
   quotasConsumed: [],
-  requiredRoles: ["admin", "encargado", "empleado"],
+  permissionScope: "module",
+  permissionKey: "marketing",
+  permissionAction: "ver",
   sideEffects: ["reads_firestore"]
 };
 var getCalendarContract = MartinContractSchema.parse(
@@ -4191,7 +4259,9 @@ var rawContract4 = {
   auditAction: "marketing.brand_brief.preparar",
   // No extractTargetPath/extractChanges — no es writer.
   quotasConsumed: [],
-  requiredRoles: ["admin", "encargado"],
+  permissionScope: "module",
+  permissionKey: "marketing",
+  permissionAction: "ver",
   sideEffects: ["reads_firestore"]
 };
 var brandBriefBuilderContract = MartinContractSchema.parse(
@@ -6259,25 +6329,68 @@ function getWrapperMessage(key, locale) {
   }
   return msg;
 }
-function hasRequiredRole(userRol, required) {
-  if (userRol === "super_admin") return true;
-  if (required.includes("*")) return true;
-  return required.includes(userRol);
+var NIVELES_ORDER = ["ninguno", "ver", "editar", "completo"];
+function nivelAlcanza(nivel, accion) {
+  return NIVELES_ORDER.indexOf(nivel) >= NIVELES_ORDER.indexOf(accion);
 }
-function wrapWithContract(contract, helper) {
+function wrapWithContract(contract, helper, options = {}) {
   return async function wrappedTool(input, ctx) {
     const startMs = Date.now();
     const locale = ctx.user.idiomaPreferido;
-    if (!hasRequiredRole(ctx.user.rol, contract.requiredRoles)) {
+    let accesoOk = false;
+    let reqDesc = "";
+    switch (contract.permissionScope) {
+      case "module": {
+        if (!contract.permissionKey || !contract.permissionAction) {
+          throw new Error(
+            `Wrapper: contract "${contract.name}" scope='module' sin permissionKey/permissionAction. Schema debi\xF3 validar esto.`
+          );
+        }
+        if (!options.permissionResolver) {
+          throw new Error(
+            `Wrapper: contract "${contract.name}" scope='module' pero el caller no inyect\xF3 permissionResolver. Pasarlo en options.`
+          );
+        }
+        reqDesc = `module:${contract.permissionKey}:${contract.permissionAction}`;
+        if (ctx.user.rol === "super_admin") {
+          accesoOk = true;
+          break;
+        }
+        const nivel = await options.permissionResolver({
+          tenantId: ctx.tenantId,
+          userRol: ctx.user.rol,
+          modulo: contract.permissionKey
+        });
+        accesoOk = nivelAlcanza(nivel, contract.permissionAction);
+        break;
+      }
+      case "self": {
+        reqDesc = "self";
+        accesoOk = !!ctx.user.uid && ctx.user.uid !== "";
+        break;
+      }
+      case "saas": {
+        reqDesc = "saas";
+        accesoOk = ctx.user.rol === "super_admin";
+        break;
+      }
+      default: {
+        const _exhaustive = contract.permissionScope;
+        throw new Error(
+          `Wrapper: contract "${contract.name}" permissionScope inv\xE1lido: ${String(_exhaustive)}.`
+        );
+      }
+    }
+    if (!accesoOk) {
       await writeAuditLog({
         tenantId: ctx.tenantId,
         brandId: ctx.brandId ?? null,
         actor: { type: "martin", uid: ctx.user.uid, nombre: ctx.user.nombre },
         action: contract.auditAction,
-        motivo: `Acceso denegado \u2014 rol '${ctx.user.rol}' no autorizado`,
+        motivo: `Acceso denegado \u2014 rol '${ctx.user.rol}' sin permiso para ${reqDesc}`,
         conversacionId: ctx.conversacionId ?? null,
         status: "error",
-        errorMessage: `Required: ${contract.requiredRoles.join(",")}, got: ${ctx.user.rol}`,
+        errorMessage: `Required: ${reqDesc}, got rol: ${ctx.user.rol}`,
         durationMs: Date.now() - startMs
       });
       return {
@@ -6288,6 +6401,19 @@ function wrapWithContract(contract, helper) {
     }
     const parseResult = contract.paramsSchema.safeParse(input);
     if (!parseResult.success) {
+      const validationErrors = parseResult.error.issues.map((i) => {
+        const issue = i;
+        return {
+          path: i.path,
+          code: i.code,
+          message: i.message,
+          received: issue.received,
+          expected: issue.expected
+        };
+      });
+      const camposFallidos = validationErrors.map((v) => v.path.join(".")).filter(Boolean);
+      const baseMsg = getWrapperMessage("input_invalido", locale);
+      const text = camposFallidos.length ? locale === "en" ? `${baseMsg} Issues with: ${camposFallidos.join(", ")}.` : `${baseMsg} Hubo problemas con: ${camposFallidos.join(", ")}.` : baseMsg;
       await writeAuditLog({
         tenantId: ctx.tenantId,
         brandId: ctx.brandId ?? null,
@@ -6296,13 +6422,14 @@ function wrapWithContract(contract, helper) {
         motivo: "Input inv\xE1lido \u2014 Zod parse failed",
         conversacionId: ctx.conversacionId ?? null,
         status: "error",
-        errorMessage: `Input shape inv\xE1lido: ${parseResult.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join("; ")}`,
+        errorMessage: `Input shape inv\xE1lido: ${validationErrors.map((v) => `${v.path.join(".")}: ${v.code} (${v.message})`).join("; ")}`,
         durationMs: Date.now() - startMs
       });
       return {
-        text: getWrapperMessage("input_invalido", locale),
+        text,
         structuredOutput: null,
-        state: "error"
+        state: "error",
+        validationErrors
       };
     }
     const parsedInput = parseResult.data;
@@ -6349,7 +6476,6 @@ function wrapWithContract(contract, helper) {
     let output;
     try {
       output = await helper(parsedInput);
-      contract.outputSchema.parse(output);
     } catch (err) {
       await writeAuditLog({
         tenantId: ctx.tenantId,
@@ -6368,6 +6494,36 @@ function wrapWithContract(contract, helper) {
         state: "error"
       };
     }
+    const outputParse = contract.outputSchema.safeParse(output);
+    if (!outputParse.success) {
+      const validationErrors = outputParse.error.issues.map((i) => {
+        const issue = i;
+        return {
+          path: i.path,
+          code: i.code,
+          message: i.message,
+          received: issue.received,
+          expected: issue.expected
+        };
+      });
+      await writeAuditLog({
+        tenantId: ctx.tenantId,
+        brandId: ctx.brandId ?? null,
+        actor: { type: "martin", uid: ctx.user.uid, nombre: ctx.user.nombre },
+        action: contract.auditAction,
+        motivo: `Output del helper inv\xE1lido \u2014 bug de "${contract.name}"`,
+        conversacionId: ctx.conversacionId ?? null,
+        status: "error",
+        errorMessage: `Output shape inv\xE1lido: ${validationErrors.map((v) => `${v.path.join(".")}: ${v.code} (${v.message})`).join("; ")}`,
+        durationMs: Date.now() - startMs
+      });
+      return {
+        text: martinSafeError(new Error("output_invalid"), locale),
+        structuredOutput: null,
+        state: "error",
+        validationErrors
+      };
+    }
     const maybeDisabled = output;
     if (maybeDisabled.disabled === true) {
       const code = maybeDisabled.code;
@@ -6502,9 +6658,24 @@ async function dispatchWithContract(args) {
   const { contract, helper, callable, input, ctx } = args;
   if (getMode() === "admin") {
     const db = getAdminDb();
+    const permissionResolver = async (args2) => {
+      if (args2.userRol === "super_admin") return "completo";
+      const ref = db.collection("configuracion").doc(`${args2.tenantId}_roles`);
+      const snap = await ref.get();
+      if (!snap.exists) return "ninguno";
+      const rolesData = snap.data();
+      const rolData = rolesData[args2.userRol];
+      if (!rolData || rolData.activo === false) return "ninguno";
+      const nivel = rolData.permisosPorModulo?.[args2.modulo];
+      if (nivel === "completo" || nivel === "editar" || nivel === "ver" || nivel === "ninguno") {
+        return nivel;
+      }
+      return "ninguno";
+    };
     const wrapped = wrapWithContract(
       contract,
-      async (i) => helper({ ...i, db })
+      async (i) => helper({ ...i, db }),
+      { permissionResolver }
     );
     return wrapped(input, ctx);
   }
@@ -7710,7 +7881,14 @@ function registerMarketingTools(server, session) {
         input: { tenantId, brandId, plan },
         ctx
       });
-      const payload = result.state === "success" ? result.structuredOutput : { ok: false, state: result.state, mensaje: result.text };
+      const payload = result.state === "success" ? result.structuredOutput : {
+        ok: false,
+        state: result.state,
+        mensaje: result.text,
+        // HITO 6 A6.7: incluir detalles Zod estructurados para que
+        // Claude (LLM) pueda auto-recuperarse en el siguiente intento.
+        ...result.validationErrors && result.validationErrors.length > 0 ? { validationErrors: result.validationErrors } : {}
+      };
       return { content: [{ type: "text", text: JSON.stringify(payload) }] };
     }
   );
@@ -7918,7 +8096,14 @@ Si pasas campos dentro de "datos", se hace merge con los datos existentes (no lo
         input: { tenantId, brandId, mes, semana, slotIndex, cambios, accionContenidoExistente },
         ctx
       });
-      const payload = result.state === "success" ? result.structuredOutput : { ok: false, state: result.state, mensaje: result.text };
+      const payload = result.state === "success" ? result.structuredOutput : {
+        ok: false,
+        state: result.state,
+        mensaje: result.text,
+        // HITO 6 A6.7: incluir detalles Zod estructurados para que
+        // Claude (LLM) pueda auto-recuperarse en el siguiente intento.
+        ...result.validationErrors && result.validationErrors.length > 0 ? { validationErrors: result.validationErrors } : {}
+      };
       return { content: [{ type: "text", text: JSON.stringify(payload) }] };
     }
   );