rird 2.1.231 → 2.3.0

package/src/mcp/intent-analyzer.ts

@@ -0,0 +1,376 @@
+/**
+ * Intent-to-Section Analyzer for automatic MCP tool loading
+ *
+ * Analyzes user prompts to determine which MCP tool sections should be loaded.
+ * This enables lazy loading of MCP tools based on task requirements.
+ */
+
+/**
+ * Mapping of intent keywords to MCP sections that should be loaded.
+ * Each keyword maps to an array of section names.
+ */
+const INTENT_SECTIONS: Record<string, string[]> = {
+  // Data extraction intents
+  scrape: ["element-extraction", "file-extraction"],
+  extract: ["element-extraction", "file-extraction"],
+  parse: ["element-extraction", "file-extraction"],
+  find: ["element-extraction"],
+  search: ["element-interaction", "element-extraction", "browser-management"],
+  collect: ["element-extraction", "element-interaction", "browser-management"],
+  output: ["element-extraction"],
+  download: ["file-extraction"],
+  save: ["file-extraction"],
+  export: ["file-extraction"],
+
+  // Form/interaction intents
+  form: ["element-interaction", "cookies-storage"],
+  fill: ["element-interaction"],
+  click: ["element-interaction"],
+  "type in": ["element-interaction"],
+  "type into": ["element-interaction"],
+  typing: ["element-interaction"],
+  input: ["element-interaction"],
+  submit: ["element-interaction"],
+  select: ["element-interaction"],
+  press: ["element-interaction"],
+  toggle: ["element-interaction"],
+  drag: ["element-interaction"],
+  drop: ["element-interaction"],
+  scroll: ["element-interaction"],
+  hover: ["element-interaction"],
+  interact: ["element-interaction"],
+
+  // Debugging intents
+  debug: ["debugging", "network-debugging"],
+  inspect: ["debugging", "network-debugging", "cdp-functions"],
+  analyze: ["debugging", "network-debugging"],
+  troubleshoot: ["debugging", "network-debugging"],
+  diagnose: ["debugging", "network-debugging"],
+
+  // Network intents
+  network: ["network-debugging", "dynamic-hooks"],
+  intercept: ["dynamic-hooks", "network-debugging"],
+  request: ["network-debugging", "dynamic-hooks"],
+  response: ["network-debugging", "dynamic-hooks"],
+  traffic: ["network-debugging", "dynamic-hooks"],
+  api: ["network-debugging", "dynamic-hooks"],
+  xhr: ["network-debugging", "dynamic-hooks"],
+  fetch: ["network-debugging", "dynamic-hooks"],
+  websocket: ["network-debugging", "dynamic-hooks"],
+
+  // CDP/JavaScript intents
+  cdp: ["cdp-functions"],
+  javascript: ["cdp-functions"],
+  js: ["cdp-functions"],
+  eval: ["cdp-functions"],
+  execute: ["cdp-functions"],
+  console: ["cdp-functions", "debugging"],
+  script: ["cdp-functions"],
+
+  // Tab management intents
+  tabs: ["tabs"],
+  tab: ["tabs"],
+  window: ["tabs"],
+  browser: ["browser-management", "tabs"],
+  spawn: ["browser-management"],
+  start: ["browser-management"],
+
+  // Persistence/Memory intents
+  memory: ["persistence"],
+  history: ["persistence"],
+  knowledge: ["persistence"],
+  checkpoint: ["persistence"],
+  recall: ["persistence"],
+  remember: ["persistence"],
+
+  // Cookie/storage intents
+  cookie: ["cookies-storage"],
+  cookies: ["cookies-storage"],
+  storage: ["cookies-storage"],
+  localstorage: ["cookies-storage"],
+  sessionstorage: ["cookies-storage"],
+  cache: ["cookies-storage"],
+
+  // Cloning intents
+  clone: ["progressive-cloning", "element-extraction"],
+  copy: ["progressive-cloning", "element-extraction"],
+  mirror: ["progressive-cloning", "element-extraction"],
+  replicate: ["progressive-cloning", "element-extraction"],
+
+  // File-specific intents
+  pdf: ["file-extraction"],
+  screenshot: ["element-interaction"],
+  image: ["element-extraction", "file-extraction"],
+  video: ["file-extraction"],
+  audio: ["file-extraction"],
+  document: ["file-extraction"],
+
+  // Authentication intents
+  login: ["element-interaction", "cookies-storage"],
+  "log in": ["element-interaction", "cookies-storage"],
+  "log into": ["element-interaction", "cookies-storage"],
+  "logged in": ["element-interaction", "cookies-storage"],
+  "logging in": ["element-interaction", "cookies-storage"],
+  signin: ["element-interaction", "cookies-storage"],
+  "sign in": ["element-interaction", "cookies-storage"],
+  "sign into": ["element-interaction", "cookies-storage"],
+  auth: ["element-interaction", "cookies-storage"],
+  authenticate: ["element-interaction", "cookies-storage"],
+  logout: ["element-interaction", "cookies-storage"],
+
+  // Table/data intents
+  table: ["element-extraction"],
+  list: ["element-extraction"],
+  data: ["element-extraction", "file-extraction"],
+  record: ["element-extraction"],
+  url: ["element-extraction"],
+  link: ["element-extraction"],
+  profile: ["element-extraction"],
+  lead: ["element-extraction", "element-interaction"],
+  prospect: ["element-extraction", "element-interaction"],
+  client: ["element-extraction", "element-interaction"],
+  advertiser: ["element-extraction", "element-interaction"],
+  ad: ["element-extraction", "element-interaction"],
+  listing: ["element-extraction", "element-interaction"],
+
+  // RIRD brand intents
+  rird: ["browser-management", "element-interaction", "element-extraction"],
+
+  // Site-specific intents
+  facebook: ["browser-management", "element-interaction", "element-extraction"],
+  fb: ["browser-management", "element-interaction", "element-extraction"],
+  instagram: ["browser-management", "element-interaction", "element-extraction"],
+  ig: ["browser-management", "element-interaction", "element-extraction"],
+  linkedin: ["browser-management", "element-interaction", "element-extraction"],
+  reddit: ["browser-management", "element-interaction", "element-extraction"],
+  twitter: ["browser-management", "element-interaction", "element-extraction"],
+  x: ["browser-management", "element-interaction", "element-extraction"],
+  maps: ["browser-management", "element-interaction", "element-extraction"],
+  google: ["browser-management", "element-interaction"],
+  amazon: ["browser-management", "element-interaction", "element-extraction"],
+  lib: ["browser-management", "element-interaction", "element-extraction"],
+  library: ["browser-management", "element-interaction", "element-extraction"],
+  thread: ["browser-management", "element-interaction", "element-extraction"],
+  post: ["browser-management", "element-interaction", "element-extraction"],
+}
+
+/**
+ * Keywords that indicate a simple navigation-only task (layer0 only).
+ * These patterns suggest no advanced MCP tools are needed.
+ */
+const SIMPLE_TASK_PATTERNS: RegExp[] = [
+  /^(go\s+to|open|visit|navigate\s+to|load)\s+/i,
+  /^(show|display|view)\s+(me\s+)?(the\s+)?/i,
+  /^what('s|\s+is)\s+(on|at)\s+/i,
+  /^(take\s+me\s+to|bring\s+up)\s+/i,
+]
+
+/**
+ * URLs or simple navigation patterns
+ */
+const URL_PATTERN = /^https?:\/\/[^\s]+$/i
+const DOMAIN_PATTERN = /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/i
+
+/**
+ * The core/base section that is always loaded
+ */
+export const LAYER0_SECTION = "layer0"
+
+/**
+ * Result of intent analysis
+ */
+export interface IntentAnalysisResult {
+  /** Sections to load (always includes layer0) */
+  sections: string[]
+  /** Keywords that were matched in the prompt */
+  matchedKeywords: string[]
+  /** Whether this is a simple task (layer0 only) */
+  isSimple: boolean
+}
+
+/**
+ * Analyzes a user prompt to determine which MCP sections should be loaded.
+ *
+ * @param prompt - The user's task description or prompt
+ * @returns List of section names to load (always includes layer0, deduplicated)
+ *
+ * @example
+ * analyzeIntent("scrape all product prices from the page")
+ * // Returns: ["layer0", "element-extraction", "file-extraction"]
+ *
+ * @example
+ * analyzeIntent("go to google.com")
+ * // Returns: ["layer0"]
+ */
+export function analyzeIntent(prompt: string): string[] {
+  const result = analyzeIntentDetailed(prompt)
+  return result.sections
+}
+
+/**
+ * Detailed intent analysis with additional metadata.
+ *
+ * @param prompt - The user's task description or prompt
+ * @returns Detailed analysis result including matched keywords
+ */
+export function analyzeIntentDetailed(prompt: string): IntentAnalysisResult {
+  // Check if it's a simple task first
+  if (isSimpleTask(prompt)) {
+    return {
+      sections: [LAYER0_SECTION],
+      matchedKeywords: [],
+      isSimple: true,
+    }
+  }
+
+  // Guard against null/undefined prompt
+  if (!prompt || typeof prompt !== "string") {
+    return {
+      sections: [LAYER0_SECTION],
+      matchedKeywords: [],
+      isSimple: true,
+    }
+  }
+
+  const normalizedPrompt = prompt.toLowerCase()
+  const sections = new Set<string>([LAYER0_SECTION])
+  const matchedKeywords: string[] = []
+
+  // Check each intent keyword
+  for (const [keyword, sectionList] of Object.entries(INTENT_SECTIONS)) {
+    // Use word boundary matching to avoid partial matches
+    const pattern = new RegExp(`\\b${escapeRegex(keyword)}\\b`, "i")
+    if (pattern.test(normalizedPrompt)) {
+      matchedKeywords.push(keyword)
+      for (const section of sectionList) {
+        sections.add(section)
+      }
+    }
+  }
+
+  return {
+    sections: Array.from(sections),
+    matchedKeywords,
+    isSimple: sections.size === 1,
+  }
+}
+
+/**
+ * Checks if a prompt describes a simple task that only needs layer0 (core) capabilities.
+ * Simple tasks are basic navigation operations like "go to google.com" or "open https://example.com".
+ *
+ * @param prompt - The user's task description or prompt
+ * @returns True if the task only needs layer0 capabilities
+ *
+ * @example
+ * isSimpleTask("go to google.com") // true
+ * isSimpleTask("open https://example.com") // true
+ * isSimpleTask("scrape all products from the page") // false
+ */
+export function isSimpleTask(prompt: string): boolean {
+  const trimmedPrompt = prompt.trim()
+
+  // Check if it's just a URL
+  if (URL_PATTERN.test(trimmedPrompt) || DOMAIN_PATTERN.test(trimmedPrompt)) {
+    return true
+  }
+
+  // Check simple task patterns
+  for (const pattern of SIMPLE_TASK_PATTERNS) {
+    if (pattern.test(trimmedPrompt)) {
+      // Extract what comes after the pattern
+      const remainder = trimmedPrompt.replace(pattern, "").trim()
+
+      // If remainder is just a URL or domain, it's simple
+      if (URL_PATTERN.test(remainder) || DOMAIN_PATTERN.test(remainder)) {
+        return true
+      }
+
+      // If remainder is very short (likely just a site name), it's simple
+      if (remainder.length < 50 && !containsComplexIntent(remainder)) {
+        return true
+      }
+    }
+  }
+
+  return false
+}
+
+/**
+ * Gets all available section names from the intent mapping.
+ *
+ * @returns Array of unique section names
+ */
+export function getAvailableSections(): string[] {
+  const sections = new Set<string>([LAYER0_SECTION])
+  for (const sectionList of Object.values(INTENT_SECTIONS)) {
+    for (const section of sectionList) {
+      sections.add(section)
+    }
+  }
+  return Array.from(sections).sort()
+}
+
+/**
+ * Gets all intent keywords that map to a specific section.
+ *
+ * @param section - The section name to look up
+ * @returns Array of keywords that trigger loading of this section
+ */
+export function getKeywordsForSection(section: string): string[] {
+  const keywords: string[] = []
+  for (const [keyword, sectionList] of Object.entries(INTENT_SECTIONS)) {
+    if (sectionList.includes(section)) {
+      keywords.push(keyword)
+    }
+  }
+  return keywords.sort()
+}
+
+/**
+ * Gets the raw intent-to-section mapping for external use.
+ *
+ * @returns Copy of the intent sections mapping
+ */
+export function getIntentSectionsMapping(): Record<string, string[]> {
+  return { ...INTENT_SECTIONS }
+}
+
+// Helper functions
+
+/**
+ * Escapes special regex characters in a string
+ */
+function escapeRegex(str: string): string {
+  return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")
+}
+
+/**
+ * Checks if text contains keywords suggesting a complex task
+ */
+function containsComplexIntent(text: string): boolean {
+  const normalizedText = text.toLowerCase()
+
+  // Check for any intent keywords
+  for (const keyword of Object.keys(INTENT_SECTIONS)) {
+    const pattern = new RegExp(`\\b${escapeRegex(keyword)}\\b`, "i")
+    if (pattern.test(normalizedText)) {
+      return true
+    }
+  }
+
+  // Check for action words that suggest complexity
+  const complexPatterns = [
+    /\band\s+then\b/i,
+    /\bafter\s+that\b/i,
+    /\bfor\s+each\b/i,
+    /\ball\s+(the\s+)?/i,
+    /\bevery\s+/i,
+    /\bmultiple\b/i,
+    /\brepeat\b/i,
+    /\bloop\b/i,
+    /\bwait\s+(for|until)\b/i,
+  ]
+
+  return complexPatterns.some((pattern) => pattern.test(normalizedText))
+}

package/src/mcp/oauth-callback.ts

@@ -0,0 +1,200 @@
+import { Log } from "../util/log"
+import { OAUTH_CALLBACK_PORT, OAUTH_CALLBACK_PATH } from "./oauth-provider"
+
+const log = Log.create({ service: "mcp.oauth-callback" })
+
+const HTML_SUCCESS = `<!DOCTYPE html>
+<html>
+<head>
+  <title>RIRD - Authorization Successful</title>
+  <style>
+    body { font-family: system-ui, -apple-system, sans-serif; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; background: #1a1a2e; color: #eee; }
+    .container { text-align: center; padding: 2rem; }
+    h1 { color: #4ade80; margin-bottom: 1rem; }
+    p { color: #aaa; }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <h1>Authorization Successful</h1>
+    <p>You can close this window and return to RIRD.</p>
+  </div>
+  <script>setTimeout(() => window.close(), 2000);</script>
+</body>
+</html>`
+
+const HTML_ERROR = (error: string) => `<!DOCTYPE html>
+<html>
+<head>
+  <title>RIRD - Authorization Failed</title>
+  <style>
+    body { font-family: system-ui, -apple-system, sans-serif; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; background: #1a1a2e; color: #eee; }
+    .container { text-align: center; padding: 2rem; }
+    h1 { color: #f87171; margin-bottom: 1rem; }
+    p { color: #aaa; }
+    .error { color: #fca5a5; font-family: monospace; margin-top: 1rem; padding: 1rem; background: rgba(248,113,113,0.1); border-radius: 0.5rem; }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <h1>Authorization Failed</h1>
+    <p>An error occurred during authorization.</p>
+    <div class="error">${error}</div>
+  </div>
+</body>
+</html>`
+
+interface PendingAuth {
+  resolve: (code: string) => void
+  reject: (error: Error) => void
+  timeout: ReturnType<typeof setTimeout>
+}
+
+export namespace McpOAuthCallback {
+  let server: ReturnType<typeof Bun.serve> | undefined
+  const pendingAuths = new Map<string, PendingAuth>()
+
+  const CALLBACK_TIMEOUT_MS = 5 * 60 * 1000 // 5 minutes
+
+  export async function ensureRunning(): Promise<void> {
+    if (server) return
+
+    const running = await isPortInUse()
+    if (running) {
+      log.info("oauth callback server already running on another instance", { port: OAUTH_CALLBACK_PORT })
+      return
+    }
+
+    server = Bun.serve({
+      port: OAUTH_CALLBACK_PORT,
+      fetch(req) {
+        const url = new URL(req.url)
+
+        if (url.pathname !== OAUTH_CALLBACK_PATH) {
+          return new Response("Not found", { status: 404 })
+        }
+
+        const code = url.searchParams.get("code")
+        const state = url.searchParams.get("state")
+        const error = url.searchParams.get("error")
+        const errorDescription = url.searchParams.get("error_description")
+
+        log.info("received oauth callback", { hasCode: !!code, state, error })
+
+        // Enforce state parameter presence
+        if (!state) {
+          const errorMsg = "Missing required state parameter - potential CSRF attack"
+          log.error("oauth callback missing state parameter", { url: url.toString() })
+          return new Response(HTML_ERROR(errorMsg), {
+            status: 400,
+            headers: { "Content-Type": "text/html" },
+          })
+        }
+
+        if (error) {
+          const errorMsg = errorDescription || error
+          if (pendingAuths.has(state)) {
+            const pending = pendingAuths.get(state)!
+            clearTimeout(pending.timeout)
+            pendingAuths.delete(state)
+            pending.reject(new Error(errorMsg))
+          }
+          return new Response(HTML_ERROR(errorMsg), {
+            headers: { "Content-Type": "text/html" },
+          })
+        }
+
+        if (!code) {
+          return new Response(HTML_ERROR("No authorization code provided"), {
+            status: 400,
+            headers: { "Content-Type": "text/html" },
+          })
+        }
+
+        // Validate state parameter
+        if (!pendingAuths.has(state)) {
+          const errorMsg = "Invalid or expired state parameter - potential CSRF attack"
+          log.error("oauth callback with invalid state", { state, pendingStates: Array.from(pendingAuths.keys()) })
+          return new Response(HTML_ERROR(errorMsg), {
+            status: 400,
+            headers: { "Content-Type": "text/html" },
+          })
+        }
+
+        const pending = pendingAuths.get(state)!
+
+        clearTimeout(pending.timeout)
+        pendingAuths.delete(state)
+        pending.resolve(code)
+
+        return new Response(HTML_SUCCESS, {
+          headers: { "Content-Type": "text/html" },
+        })
+      },
+    })
+
+    log.info("oauth callback server started", { port: OAUTH_CALLBACK_PORT })
+  }
+
+  export function waitForCallback(oauthState: string): Promise<string> {
+    return new Promise((resolve, reject) => {
+      const timeout = setTimeout(() => {
+        if (pendingAuths.has(oauthState)) {
+          pendingAuths.delete(oauthState)
+          reject(new Error("OAuth callback timeout - authorization took too long"))
+        }
+      }, CALLBACK_TIMEOUT_MS)
+
+      pendingAuths.set(oauthState, { resolve, reject, timeout })
+    })
+  }
+
+  export function cancelPending(mcpName: string): void {
+    const pending = pendingAuths.get(mcpName)
+    if (pending) {
+      clearTimeout(pending.timeout)
+      pendingAuths.delete(mcpName)
+      pending.reject(new Error("Authorization cancelled"))
+    }
+  }
+
+  export async function isPortInUse(): Promise<boolean> {
+    return new Promise((resolve) => {
+      Bun.connect({
+        hostname: "127.0.0.1",
+        port: OAUTH_CALLBACK_PORT,
+        socket: {
+          open(socket) {
+            socket.end()
+            resolve(true)
+          },
+          error() {
+            resolve(false)
+          },
+          data() {},
+          close() {},
+        },
+      }).catch(() => {
+        resolve(false)
+      })
+    })
+  }
+
+  export async function stop(): Promise<void> {
+    if (server) {
+      server.stop()
+      server = undefined
+      log.info("oauth callback server stopped")
+    }
+
+    for (const [name, pending] of pendingAuths) {
+      clearTimeout(pending.timeout)
+      pending.reject(new Error("OAuth callback server stopped"))
+    }
+    pendingAuths.clear()
+  }
+
+  export function isRunning(): boolean {
+    return server !== undefined
+  }
+}