sentinelayer-cli 0.18.2 → 0.20.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sentinelayer-cli",
-  "version": "0.18.2",
+  "version": "0.20.0",
   "description": "Scaffold Sentinelayer spec/prompt/guide artifacts with secure browser auth and token bootstrap.",
   "type": "module",
   "scripts": {

package/src/commands/ai/identity-lifecycle.js

@@ -39,6 +39,16 @@ import {
   writeArtifact,
 } from "./shared.js";
 
+function maskEmailForDisplay(value) {
+  const email = String(value || "").trim();
+  if (!email) return "unknown-email";
+  const atIndex = email.indexOf("@");
+  if (atIndex <= 0 || atIndex === email.length - 1) return "[redacted-email]";
+  const local = email.slice(0, atIndex);
+  const domain = email.slice(atIndex + 1);
+  return `${local.slice(0, 1)}***@${domain}`;
+}
+
 export function registerAiIdentityLifecycleCommands({ identity, legalHold }) {
 identity
   .command("list")
@@ -75,8 +85,9 @@ identity
       return;
     }
     for (const item of identities) {
+      const displayAddress = maskEmailForDisplay(item.emailAddress);
       console.log(
-        `- ${item.identityId} | ${item.emailAddress || "unknown-email"} | ${item.status} | ${
+        `- ${item.identityId} | ${displayAddress} | ${item.status} | ${
           item.projectId || "no-project"
         }`
       );
@@ -118,7 +129,8 @@ identity
 
     console.log(pc.bold("AIdenID identity"));
     console.log(pc.gray(`Registry: ${registryPath}`));
-    console.log(`${identityRecord.identityId} | ${identityRecord.emailAddress || "unknown-email"}`);
+    const displayAddress = maskEmailForDisplay(identityRecord.emailAddress);
+    console.log(`${identityRecord.identityId} | ${displayAddress}`);
     console.log(`status=${identityRecord.status} project=${identityRecord.projectId || "n/a"}`);
   });
 

package/src/commands/mcp.js

@@ -11,6 +11,7 @@ import {
   buildAidenIdRegistryTemplate,
   buildMcpToolRegistrySchema,
   buildMcpServerConfigTemplate,
+  buildSentinelayerSessionRegistryTemplate,
   buildVsCodeMcpBridgeTemplate,
   readJsonFile,
   resolveDefaultAidenIdAdapterContractPath,
@@ -23,6 +24,7 @@ import {
   validateMcpToolRegistry,
   writeJsonFile,
 } from "../mcp/registry.js";
+import { runMcpStdioServer } from "../mcp/session-stdio-server.js";
 import { resolveOutputRoot } from "../config/service.js";
 
 function shouldEmitJson(options, command) {
@@ -220,6 +222,38 @@ export function registerMcpCommand(program) {
       console.log(pc.gray("Next: validate with registry cross-check before runtime wiring."));
     });
 
+  registry
+    .command("init-session")
+    .description("Write the built-in SentinelLayer session MCP tool registry")
+    .option("--path <path>", "Destination file path override")
+    .option("--output-dir <path>", "Optional artifact output root override")
+    .option("--force", "Overwrite destination file if it already exists")
+    .option("--json", "Emit machine-readable output")
+    .action(async (options, command) => {
+      const defaultPath = await resolveDefaultMcpOutputPath({
+        cwd: process.cwd(),
+        outputDir: options.outputDir,
+        env: process.env,
+      });
+      const outputPath = normalizeOutputPath(options.path, defaultPath.replace(".schema", ".session-tools"));
+      const template = buildSentinelayerSessionRegistryTemplate();
+      validateMcpToolRegistry(template);
+      const writtenPath = await writeJsonFile(outputPath, template, { force: Boolean(options.force) });
+      const payload = {
+        command: "mcp registry init-session",
+        outputPath: writtenPath,
+        toolCount: template.tools.length,
+        tools: template.tools.map((tool) => tool.name),
+      };
+
+      if (shouldEmitJson(options, command)) {
+        console.log(JSON.stringify(payload, null, 2));
+        return;
+      }
+      console.log(pc.green(`Wrote SentinelLayer session MCP registry template: ${writtenPath}`));
+      console.log(pc.gray("Next: run 'sl mcp server init --id sentinelayer-session --registry-file <path>'."));
+    });
+
   registry
     .command("validate")
     .description("Validate an MCP tool registry JSON payload against Sentinelayer contract")
@@ -422,6 +456,32 @@ export function registerMcpCommand(program) {
       console.log(pc.gray(`File: ${loaded.path}`));
     });
 
+  server
+    .command("run")
+    .description("Run the SentinelLayer MCP stdio server")
+    .option("--config <path>", "MCP server config JSON to validate before startup")
+    .option("--path <path>", "Workspace path used for session auth and local caches", ".")
+    .option("--framing <mode>", "stdio framing: newline or content-length", "newline")
+    .action(async (options) => {
+      const targetPath = path.resolve(process.cwd(), String(options.path || "."));
+      const configPath = String(options.config || "").trim();
+      if (configPath) {
+        const loaded = await readJsonFile(path.resolve(process.cwd(), configPath));
+        const parsed = validateMcpServerConfig(loaded.data);
+        if (parsed.transport.mode !== "stdio") {
+          throw new Error("mcp server run requires a stdio server config.");
+        }
+      }
+      const framing = String(options.framing || "newline").trim().toLowerCase();
+      if (!["newline", "content-length"].includes(framing)) {
+        throw new Error("framing must be 'newline' or 'content-length'.");
+      }
+      await runMcpStdioServer({
+        targetPath,
+        framing,
+      });
+    });
+
   const bridge = mcp.command("bridge").description("Generate MCP bridge configuration wrappers");
 
   bridge