slashvibe-mcp 0.2.7 → 0.2.9

package/README.md

@@ -60,7 +60,6 @@ The MCP server connects to `slashvibe.dev` for:
 
 ## Related
 
-- [GitHub](https://github.com/VibeCodingInc/vibe-mcp) - Source code
 - [slashvibe.dev](https://slashvibe.dev) - Web presence
 - [Spirit Protocol](https://spiritprotocol.io) - Parent ecosystem
 - [AIRC](https://airc.chat) - Agent identity protocol

package/config.js

@@ -66,15 +66,7 @@ function save(config) {
     publicKey: config.publicKey || existing.publicKey || null,
     privateKey: config.privateKey || existing.privateKey || null,
     // Guided mode (AskUserQuestion menus)
-    guided_mode: config.guided_mode !== undefined ? config.guided_mode : existing.guided_mode,
-    // Notification level
-    notifications: config.notifications || existing.notifications || null,
-    // GitHub Activity settings
-    github_activity_enabled: config.github_activity_enabled !== undefined ? config.github_activity_enabled : existing.github_activity_enabled,
-    github_activity_privacy: config.github_activity_privacy || existing.github_activity_privacy || null,
-    // Privy OAuth token (persisted across MCP process restarts)
-    privyToken: config.privyToken || existing.privyToken || null,
-    authMethod: config.authMethod || existing.authMethod || null
+    guided_mode: config.guided_mode !== undefined ? config.guided_mode : existing.guided_mode
   };
   fs.writeFileSync(PRIMARY_CONFIG, JSON.stringify(data, null, 2));
 }
@@ -211,80 +203,11 @@ function setAuthToken(token, sessionId = null) {
 }
 
 function getAuthToken() {
-  // First check session data
   const data = getSessionData();
   if (data?.token) return data.token;
-
-  // Fall back to shared config (persisted across MCP process restarts)
-  const cfg = load();
-  return cfg?.privyToken || null;
-}
-
-/**
- * Save Privy JWT token (used after browser OAuth flow)
- * @param {string} token - Privy access token
- */
-function savePrivyToken(token) {
-  // Save to session data
-  const data = getSessionData() || {};
-  saveSessionData({
-    ...data,
-    sessionId: data.sessionId || generateSessionId(),
-    token,
-    authMethod: 'privy'  // Track that this is a Privy token
-  });
-
-  // Also save to shared config for persistence across MCP restarts
-  const cfg = load();
-  cfg.privyToken = token;
-  cfg.authMethod = 'privy';
-  save(cfg);
-}
-
-/**
- * Check if user has Privy auth (vs legacy keypair)
- * Accepts both 'privy' and 'browser' as valid auth methods
- */
-function hasPrivyAuth() {
-  const validAuthMethods = ['privy', 'browser'];
-
-  const data = getSessionData();
-  if (validAuthMethods.includes(data?.authMethod) && data?.token) return true;
-
-  const cfg = load();
-  return validAuthMethods.includes(cfg?.authMethod) && cfg?.privyToken;
-}
-
-/**
- * Remove keypair after migration to Privy
- * Clears private key from config (security improvement)
- */
-function removeKeypair() {
-  const cfg = load();
-  delete cfg.publicKey;
-  delete cfg.privateKey;
-  save(cfg);
-
-  // Also clear from session
-  const data = getSessionData();
-  if (data) {
-    delete data.publicKey;
-    delete data.privateKey;
-    saveSessionData(data);
-  }
-}
-
-/**
- * Get auth URL for browser-based GitHub OAuth
- * @param {string|null} handle - Custom handle (optional - defaults to GitHub username)
- */
-function getAuthUrl(handle = null) {
-  const apiUrl = getApiUrl();
-  if (handle) {
-    return `${apiUrl}/api/auth/github?handle=${encodeURIComponent(handle)}`;
-  }
-  // No handle = use GitHub username as handle
-  return `${apiUrl}/api/auth/github`;
+  // Fall back to privyToken in config (for persistence across sessions)
+  const config = load();
+  return config?.privyToken || null;
 }
 
 function clearSession() {
@@ -328,61 +251,11 @@ function setNotifications(level) {
   save(config);
 }
 
-// GitHub Activity settings
-// Shows shipping status based on GitHub commit activity
-// Default: false (opt-in for privacy)
-function getGithubActivityEnabled() {
-  const config = load();
-  return config.github_activity_enabled === true;
-}
-
-function setGithubActivityEnabled(enabled) {
-  const config = load();
-  config.github_activity_enabled = enabled;
-  save(config);
-}
-
-// GitHub Activity privacy level
-// Levels: "full" | "status_only" | "off"
-// - full: Show repos, commit counts, tech stack (default when enabled)
-// - status_only: Just show shipping badge (🔥/⚡), no details
-// - off: Disabled completely
-function getGithubActivityPrivacy() {
-  const config = load();
-  return config.github_activity_privacy || 'full';
-}
-
-function setGithubActivityPrivacy(level) {
-  const validLevels = ['full', 'status_only', 'off'];
-  if (!validLevels.includes(level)) {
-    throw new Error(`Invalid privacy level. Use: ${validLevels.join(', ')}`);
-  }
-  const config = load();
-  config.github_activity_privacy = level;
-  save(config);
-}
-
 // API URL — central endpoint for all API calls
 function getApiUrl() {
   return process.env.VIBE_API_URL || 'https://www.slashvibe.dev';
 }
 
-// ─────────────────────────────────────────────────────────────
-// Generic key-value store for ephemeral session state
-// Used by presence-agent, mute, and other tools for runtime state
-// NOT persisted to disk — resets when MCP server restarts
-// ─────────────────────────────────────────────────────────────
-const sessionState = {};
-
-function get(key, defaultValue = null) {
-  return sessionState[key] !== undefined ? sessionState[key] : defaultValue;
-}
-
-function set(key, value) {
-  sessionState[key] = value;
-  return value;
-}
-
 module.exports = {
   VIBE_DIR,
   CONFIG_FILE,
@@ -406,18 +279,5 @@ module.exports = {
   setGuidedMode,
   getNotifications,
   setNotifications,
-  // GitHub Activity settings
-  getGithubActivityEnabled,
-  setGithubActivityEnabled,
-  getGithubActivityPrivacy,
-  setGithubActivityPrivacy,
-  getApiUrl,
-  // Privy OAuth helpers
-  savePrivyToken,
-  hasPrivyAuth,
-  removeKeypair,
-  getAuthUrl,
-  // Generic key-value for ephemeral session state
-  get,
-  set
+  getApiUrl
 };

package/crypto.js

@@ -143,9 +143,10 @@ function generateMessageId() {
  * @param {string} [params.body] Message body
  * @param {object} [params.payload] Message payload
  * @param {string} privateKeyBase64 Sender's private key
+ * @param {string} publicKeyBase64 Sender's public key (required for verification)
  * @returns {object} Complete signed message
  */
-function createSignedMessage({ from, to, body, payload }, privateKeyBase64) {
+function createSignedMessage({ from, to, body, payload }, privateKeyBase64, publicKeyBase64) {
   const message = {
     v: '0.1',
     id: generateMessageId(),
@@ -158,8 +159,9 @@ function createSignedMessage({ from, to, body, payload }, privateKeyBase64) {
   if (body) message.body = body;
   if (payload) message.payload = payload;
 
-  // Sign
+  // Sign and include public key for verification
   message.signature = sign(message, privateKeyBase64);
+  message.publicKey = publicKeyBase64;
 
   return message;
 }
@@ -171,9 +173,10 @@ function createSignedMessage({ from, to, body, payload }, privateKeyBase64) {
  * @param {string} status Status (online/idle/busy/offline)
  * @param {string} [context] Activity context
  * @param {string} privateKeyBase64 User's private key
+ * @param {string} publicKeyBase64 User's public key (required for verification)
  * @returns {object} Signed heartbeat
  */
-function createSignedHeartbeat(handle, status, context, privateKeyBase64) {
+function createSignedHeartbeat(handle, status, context, privateKeyBase64, publicKeyBase64) {
   const heartbeat = {
     handle,
     status,
@@ -183,7 +186,9 @@ function createSignedHeartbeat(handle, status, context, privateKeyBase64) {
 
   if (context) heartbeat.context = context;
 
+  // Sign and include public key for verification
   heartbeat.signature = sign(heartbeat, privateKeyBase64);
+  heartbeat.publicKey = publicKeyBase64;
 
   return heartbeat;
 }